NIST drafts guidance on risk management

The National Institute of Standards and Technology has issued a draft of a new report that may become essential reading for government managers, who must ensure their information technology systems comply with the Federal Information Security Management Act.

NIST's Information Technology Laboratory developed the report, "Managing Risk from Information Systems: An Organizational Perspective" (SP-800-39-ipd.pdf).

Ron Ross, the NIST FISMA implementation project leader, is an author, along with Stu Katzke, Arnold Johnson, Marianne Swanson and Gary Stoneburner.

This report addresses how agencies should manage risk. FISMA requires that agencies base their IT security decisions on risk assessments. The report defines what risk is and explains how to apply the NIST Risk Management Framework to government IT systems.

The report is part of a larger effort NIST is undertaking with the Director of National Intelligence, the Department of Defense and the Committee on National Security Systems to establish a baseline for government IT security.

Comments will be accepted through Dec. 14.

About the Author

Joab Jackson is the senior technology editor for Government Computer News.
