NIST posts final draft of FISMA guidance
The final public draft of a framework for creating the security assessments mandated by the Federal Information Security Management Act is available for download from the National Institute of Standards and Technology (GCN.com/892).
NIST released Draft Special Publication 800-53A, 'Guide for Assessing the Security Controls in Federal Information Systems,' last month and expects to publish the final edition in March.
SP 800-53A is an addendum to NIST SP 800-53, 'Recommended Security Controls for Federal Information Systems.' This addendum establishes a framework for assessing security controls. Both publications are extensions of Federal Information Processing Standard 200, the core document NIST produced to help agencies with FISMA.
This draft incorporates comments from the previous public drafts. Changes include updated assessment procedures, clarification of some chapters and a new set of assessment cases.
The agency is seeking comments until Jan. 31.
NIST expects this document to be relevant for agency security professionals working as consultants, operational managers, program managers and product developers.
Joab Jackson is the senior technology editor for Government Computer News.
William Jackson is a senior writer for GCN and the author of the CyberEye blog.