NIST posts final draft of FISMA guidance

The final public draft of a framework for creating the security assessments mandated by the Federal Information Security Management Act is available for download from the National Institute of Standards and Technology (GCN.com/892).

NIST released the Draft Special Publication 800-53A, 'Guide for Assessing the Security Controls in Federal Information Systems,' last month and expects to publish the final edition in March.

SP 800-53A is an addendum to NIST SP 800-53, 'Recommended Security Controls for Federal Information Systems.' This addendum establishes a framework for assessing security controls. Both publications are extensions of Federal Information Processing Standard 200, the core document NIST produced to help agencies with FISMA.

This draft incorporates comments from the previous public drafts. Changes include updated assessment procedures, clarification of some chapters and a new set of assessment cases.

The agency is seeking comments until Jan. 31.

NIST expects this document to be relevant for agency security professionals working as consultants, operational managers, program managers and product developers.

About the Authors

Joab Jackson is the senior technology editor for Government Computer News.

William Jackson is a freelance writer and the author of the CyberEye blog.
