NIST drafts guidance on risk management
- By Joab Jackson
- Oct 26, 2007
The National Institute of Standards and Technology has issued a draft of a new report that may become essential reading for government managers, all of whom must ensure that their information technology systems comply with the Federal Information Security Management Act.
NIST's Information Technology Laboratory developed the report, "Managing Risk from Information Systems: An Organizational Perspective."
Ron Ross, the NIST FISMA implementation project leader, is an author, along with Stu Katzke, Arnold Johnson, Marianne Swanson and Gary Stoneburner.
This report tackles the problem of dealing with risk. FISMA requires that agencies make their IT security decisions based on risk assessments. The report defines what risk is, as well as how to apply the NIST Risk Management Framework to government IT systems.
The report is part of a larger effort NIST is undertaking with the Director of National Intelligence, the Department of Defense and the Committee on National Security Systems to establish a baseline for government IT security.
Comments will be accepted through Dec. 14.
Joab Jackson is the senior technology editor for Government Computer News.