NIST Issues Final Guidelines on Computer Security Controls for Federal Systems

Feb 28, 2005

The Commerce Department’s National Institute of Standards and Technology (NIST) today released its final version of recommended security controls for federal information systems. The new guideline will be the basis for a proposal to be made later this year by NIST for a Federal Information Processing Standard (FIPS) that will become mandatory for federal agencies in December 2005.

“This document of security guidelines is going to play a key role in helping federal agencies effectively select and implement security controls and, by using a risk-based approach, do so in a cost-effective manner,” said Shashi Phoha, director of NIST’s Information Technology Laboratory.

This fourth and final version of Recommended Security Controls for Federal Information Systems (NIST Special Publication 800-53) includes changes based on more than 1,200 comments to earlier drafts. Expected to have a wide audience beyond the federal government, the publication recommends management, operational and technical controls needed to protect the confidentiality, integrity and availability of all federal information systems that are not national security systems. The controls cover 17 key security focus areas, including risk assessment, contingency planning, incident response, access control, and identification and authentication. The security guidelines also provide information on selecting the appropriate controls needed to achieve security for low-, moderate-, and high-impact information systems.

NIST SP 800-53 is one of a series of key standards and guidelines produced by NIST’s Computer Security Division to help federal agencies improve their security and comply with the Federal Information Security Management Act (FISMA) of 2002 and Office of Management and Budget security policies. Other recently published NIST security standards and guidelines include Standards for the Security Categorization of Federal Information and Information Systems (FIPS 199) and Guide for the Security Certification and Accreditation of Federal Information Systems (SP 800-37). All of NIST’s security standards and guidelines are available at csrc.nist.gov .

As a non-regulatory agency of the U.S. Department of Commerce’s Technology Administration, NIST develops and promotes measurement, standards and technology to enhance productivity, facilitate trade and improve the quality of life.

Source: NIST

Explore further: Freescale introduces world's smallest integrated tire pressure monitoring system

add to favorites email to friend print save as pdf

Related Stories

Banks harvest callers' voiceprints to fight fraud

Oct 13, 2014

(AP)—The caller said her home had burned down and her husband had been badly hurt in the blaze. On the telephone with her bank, she pleaded for a replacement credit card at her new address.

Few US states preparing for climate change, study says

Oct 10, 2014

Fewer than half of American states are working to protect themselves from climate change, despite more detailed warnings from scientists that communities are already being damaged, according to a new online clearinghouse ...

Sen. Wyden: NSA tech spying hurts economy

Oct 08, 2014

Google Chairman Eric Schmidt and other Silicon Valley executives say controversial government spying programs are undercutting the Internet economy and want Congress to step up stalled reform.

Court mulls secrecy of national security letters

Oct 08, 2014

A government lawyer argued Wednesday that national security efforts would be "hamstrung" if the FBI was barred from sending secretive demands for customer data—national security letters—to telecommunication companies, ...

Recommended for you

Sweeping air devices for greener planes

27 minutes ago

The large amount of jet fuel required to fly an airplane from point A to point B can have negative impacts on the environment and—as higher fuel costs contribute to rising ticket prices—a traveler's wallet. ...

World record in data transmission with smart circuits

47 minutes ago

Fewer cords, smaller antennas and quicker video transmission. This may be the result of a new type of microwave circuit that was designed at Chalmers University of Technology. The research team behind the ...

Robots recognize humans in disaster environments

1 hour ago

Through a computational algorithm, a team of researchers from the University of Guadalajara (UDG) in Mexico, developed a neural network that allows a small robot to detect different patterns, such as images, ...

User comments : 0