NIST sets security checkup standards

Federal agencies get their first peek Monday at proposed guidelines that, by spring, will begin to standardize the testing of systems security.

The National Institute of Standards and Technology developed the guidelines, to be posted Monday at csrc.nist.gov. Special Publication 800-37 lays out instructions for a security checkup. It is the first in a three-part series designed to bring consistency to certifying and accrediting systems security. NIST will accept public comments on 800-37 for three months.

The second set of guidelines, 800-53, will describe the first-ever minimum-security requirements for federal online systems. The third, 800-53A, will detail techniques for measuring a system's security level. Those two publications will be released next spring.

A second phase of the effort, still under development, would standardize the evaluation of vendors that accredit system security for the government.

NIST is gearing the guidelines to federal agencies but hopes they will appeal to state and local governments and private industry, where information security is no less a concern.

"We need more consistent results," said Ron Ross, a NIST senior computer scientist and director of the National Information Assurance Partnership. "We'll have everybody speaking the same language."
