NIST Issues Final Guidelines on Computer Security Controls for Federal Systems

Feb 28, 2005

The Commerce Department’s National Institute of Standards and Technology (NIST) today released its final version of recommended security controls for federal information systems. The new guideline will be the basis for a proposal to be made later this year by NIST for a Federal Information Processing Standard (FIPS) that will become mandatory for federal agencies in December 2005.

“This document of security guidelines is going to play a key role in helping federal agencies effectively select and implement security controls and, by using a risk-based approach, do so in a cost-effective manner,” said Shashi Phoha, director of NIST’s Information Technology Laboratory.

This fourth and final version of Recommended Security Controls for Federal Information Systems (NIST Special Publication 800-53) includes changes based on more than 1,200 comments to earlier drafts. Expected to have a wide audience beyond the federal government, the publication recommends management, operational and technical controls needed to protect the confidentiality, integrity and availability of all federal information systems that are not national security systems. The controls cover 17 key security focus areas, including risk assessment, contingency planning, incident response, access control, and identification and authentication. The security guidelines also provide information on selecting the appropriate controls needed to achieve security for low-, moderate-, and high-impact information systems.

NIST SP 800-53 is one of a series of key standards and guidelines produced by NIST’s Computer Security Division to help federal agencies improve their security and comply with the Federal Information Security Management Act (FISMA) of 2002 and Office of Management and Budget security policies. Other recently published NIST security standards and guidelines include Standards for the Security Categorization of Federal Information and Information Systems (FIPS 199) and Guide for the Security Certification and Accreditation of Federal Information Systems (SP 800-37). All of NIST’s security standards and guidelines are available at csrc.nist.gov.

As a non-regulatory agency of the U.S. Department of Commerce’s Technology Administration, NIST develops and promotes measurement, standards and technology to enhance productivity, facilitate trade and improve the quality of life.

Source: NIST
