NIST Issues Final Guidelines on Computer Security Controls for Federal Systems

Feb 28, 2005

The Commerce Department’s National Institute of Standards and Technology (NIST) today released its final version of recommended security controls for federal information systems. The new guideline will be the basis for a proposal to be made later this year by NIST for a Federal Information Processing Standard (FIPS) that will become mandatory for federal agencies in December 2005.

“This document of security guidelines is going to play a key role in helping federal agencies effectively select and implement security controls and, by using a risk-based approach, do so in a cost-effective manner,” said Shashi Phoha, director of NIST’s Information Technology Laboratory.

This fourth and final version of Recommended Security Controls for Federal Information Systems (NIST Special Publication 800-53) includes changes based on more than 1,200 comments to earlier drafts. Expected to have a wide audience beyond the federal government, the publication recommends management, operational and technical controls needed to protect the confidentiality, integrity and availability of all federal information systems that are not national security systems. The controls cover 17 key security focus areas, including risk assessment, contingency planning, incident response, access control, and identification and authentication. The security guidelines also provide information on selecting the appropriate controls needed to achieve security for low-, moderate-, and high-impact information systems.

NIST SP 800-53 is one of a series of key standards and guidelines produced by NIST’s Computer Security Division to help federal agencies improve their security and comply with the Federal Information Security Management Act (FISMA) of 2002 and Office of Management and Budget security policies. Other recently published NIST security standards and guidelines include Standards for the Security Categorization of Federal Information and Information Systems (FIPS 199) and Guide for the Security Certification and Accreditation of Federal Information Systems (SP 800-37). All of NIST’s security standards and guidelines are available at csrc.nist.gov .

As a non-regulatory agency of the U.S. Department of Commerce’s Technology Administration, NIST develops and promotes measurement, standards and technology to enhance productivity, facilitate trade and improve the quality of life.

Source: NIST

Explore further: Ex-Apple chief plans mobile phone for India

add to favorites email to friend print save as pdf

Related Stories

How widespread is tax evasion?

Apr 10, 2014

Tax evasion is widely assumed to be an eternal problem for governments—but how widespread is it? For the first time, a new study, co-authored by an MIT professor, has put a cost on a particular kind of tax evasion, known ...

Recommended for you

Ex-Apple chief plans mobile phone for India

1 hour ago

Former Apple chief executive John Sculley, whose marketing skills helped bring the personal computer to desktops worldwide, says he plans to launch a mobile phone in India to exploit its still largely untapped ...

Health care site flagged in Heartbleed review

14 hours ago

People with accounts on the enrollment website for President Barack Obama's signature health care law are being told to change their passwords following an administration-wide review of the government's vulnerability to the ...

Airbnb rental site raises $450 mn

15 hours ago

Online lodging listings website Airbnb inked a $450 million funding deal with investors led by TPG, a source close to the matter said Friday.

Four questions about missing Malaysian plane answered

15 hours ago

Travelers at Asian airports have asked questions about the March 8 disappearance of Malaysia Airlines Flight 370 while en route from Kuala Lumpur to Beijing. Here are some of them, followed by answers.

Android gains in US, basic phones almost extinct

Apr 18, 2014

The Google Android platform grabbed the majority of mobile phones in the US market in early 2014, as consumers all but abandoned non-smartphone handsets, a survey showed Friday.

User comments : 0

More news stories

Ex-Apple chief plans mobile phone for India

Former Apple chief executive John Sculley, whose marketing skills helped bring the personal computer to desktops worldwide, says he plans to launch a mobile phone in India to exploit its still largely untapped ...

Airbnb rental site raises $450 mn

Online lodging listings website Airbnb inked a $450 million funding deal with investors led by TPG, a source close to the matter said Friday.

Health care site flagged in Heartbleed review

People with accounts on the enrollment website for President Barack Obama's signature health care law are being told to change their passwords following an administration-wide review of the government's vulnerability to the ...

A homemade solar lamp for developing countries

(Phys.org) —The solar lamp developed by the start-up LEDsafari is a more effective, safer, and less expensive form of illumination than the traditional oil lamp currently used by more than one billion people ...

NASA's space station Robonaut finally getting legs

Robonaut, the first out-of-this-world humanoid, is finally getting its space legs. For three years, Robonaut has had to manage from the waist up. This new pair of legs means the experimental robot—now stuck ...

Filipino tests negative for Middle East virus

A Filipino nurse who tested positive for the Middle East virus has been found free of infection in a subsequent examination after he returned home, Philippine health officials said Saturday.

Egypt archaeologists find ancient writer's tomb

Egypt's minister of antiquities says a team of Spanish archaeologists has discovered two tombs in the southern part of the country, one of them belonging to a writer and containing a trove of artifacts including reed pens ...