NIST Issues Final Guidelines on Computer Security Controls for Federal Systems

February 28, 2005

The Commerce Department’s National Institute of Standards and Technology (NIST) today released its final version of recommended security controls for federal information systems. The new guideline will be the basis for a proposal to be made later this year by NIST for a Federal Information Processing Standard (FIPS) that will become mandatory for federal agencies in December 2005.

“This document of security guidelines is going to play a key role in helping federal agencies effectively select and implement security controls and, by using a risk-based approach, do so in a cost-effective manner,” said Shashi Phoha, director of NIST’s Information Technology Laboratory.

This fourth and final version of Recommended Security Controls for Federal Information Systems (NIST Special Publication 800-53) includes changes based on more than 1,200 comments to earlier drafts. Expected to have a wide audience beyond the federal government, the publication recommends management, operational and technical controls needed to protect the confidentiality, integrity and availability of all federal information systems that are not national security systems. The controls cover 17 key security focus areas, including risk assessment, contingency planning, incident response, access control, and identification and authentication. The security guidelines also provide information on selecting the appropriate controls needed to achieve security for low-, moderate-, and high-impact information systems.

NIST SP 800-53 is one of a series of key standards and guidelines produced by NIST’s Computer Security Division to help federal agencies improve their security and comply with the Federal Information Security Management Act (FISMA) of 2002 and Office of Management and Budget security policies. Other recently published NIST security standards and guidelines include Standards for the Security Categorization of Federal Information and Information Systems (FIPS 199) and Guide for the Security Certification and Accreditation of Federal Information Systems (SP 800-37). All of NIST’s security standards and guidelines are available at csrc.nist.gov.

As a non-regulatory agency of the U.S. Department of Commerce’s Technology Administration, NIST develops and promotes measurement, standards and technology to enhance productivity, facilitate trade and improve the quality of life.

Source: NIST
