NIST Issues Final Guidelines on Computer Security Controls for Federal Systems

February 28, 2005

The Commerce Department’s National Institute of Standards and Technology (NIST) today released its final version of recommended security controls for federal information systems. The new guideline will be the basis for a proposal to be made later this year by NIST for a Federal Information Processing Standard (FIPS) that will become mandatory for federal agencies in December 2005.

“This document of security guidelines is going to play a key role in helping federal agencies effectively select and implement security controls and, by using a risk-based approach, do so in a cost-effective manner,” said Shashi Phoha, director of NIST’s Information Technology Laboratory.

This fourth and final version of Recommended Security Controls for Federal Information Systems (NIST Special Publication 800-53) includes changes based on more than 1,200 comments to earlier drafts. Expected to have a wide audience beyond the federal government, the publication recommends management, operational and technical controls needed to protect the confidentiality, integrity and availability of all federal information systems that are not national security systems. The controls cover 17 key security focus areas, including risk assessment, contingency planning, incident response, access control, and identification and authentication. The security guidelines also provide information on selecting the appropriate controls needed to achieve security for low-, moderate-, and high-impact information systems.

NIST SP 800-53 is one of a series of key standards and guidelines produced by NIST’s Computer Security Division to help federal agencies improve their security and comply with the Federal Information Security Management Act (FISMA) of 2002 and Office of Management and Budget security policies. Other recently published NIST security standards and guidelines include Standards for the Security Categorization of Federal Information and Information Systems (FIPS 199) and Guide for the Security Certification and Accreditation of Federal Information Systems (SP 800-37). All of NIST’s security standards and guidelines are available at csrc.nist.gov.

As a non-regulatory agency of the U.S. Department of Commerce’s Technology Administration, NIST develops and promotes measurement, standards and technology to enhance productivity, facilitate trade and improve the quality of life.

Source: NIST
