NIST Issues Final Guidelines on Computer Security Controls for Federal Systems

Feb 28, 2005

The Commerce Department’s National Institute of Standards and Technology (NIST) today released its final version of recommended security controls for federal information systems. The new guideline will be the basis for a proposal to be made later this year by NIST for a Federal Information Processing Standard (FIPS) that will become mandatory for federal agencies in December 2005.

“This document of security guidelines is going to play a key role in helping federal agencies effectively select and implement security controls and, by using a risk-based approach, do so in a cost-effective manner,” said Shashi Phoha, director of NIST’s Information Technology Laboratory.

This fourth and final version of Recommended Security Controls for Federal Information Systems (NIST Special Publication 800-53) includes changes based on more than 1,200 comments to earlier drafts. Expected to have a wide audience beyond the federal government, the publication recommends management, operational and technical controls needed to protect the confidentiality, integrity and availability of all federal information systems that are not national security systems. The controls cover 17 key security focus areas, including risk assessment, contingency planning, incident response, access control, and identification and authentication. The security guidelines also provide information on selecting the appropriate controls needed to achieve security for low-, moderate-, and high-impact information systems.

NIST SP 800-53 is one of a series of key standards and guidelines produced by NIST’s Computer Security Division to help federal agencies improve their security and comply with the Federal Information Security Management Act (FISMA) of 2002 and Office of Management and Budget security policies. Other recently published NIST security standards and guidelines include Standards for the Security Categorization of Federal Information and Information Systems (FIPS 199) and Guide for the Security Certification and Accreditation of Federal Information Systems (SP 800-37). All of NIST’s security standards and guidelines are available at csrc.nist.gov.

As a non-regulatory agency of the U.S. Department of Commerce’s Technology Administration, NIST develops and promotes measurement, standards and technology to enhance productivity, facilitate trade and improve the quality of life.

Source: NIST
