NIST proposes guidelines for security checks

The National Institute of Standards and Technology last week released a guide to standardize the testing of agencies' systems security.

Special Publication 800-37, available for three months of public comment at csrc.nist.gov, lays out instructions for a security checkup. It is the first in a three-part series designed to bring consistency to certifying and accrediting systems security.

A second set of guidelines, 800-53, will describe the first-ever minimum security requirements for federal online systems. The third, 800-53A, will detail techniques for measuring a system's security level. Those two publications will be released next spring.

A second phase of the effort, still under development, would standardize the evaluation of vendors that accredit system security for the government.

Stay Connected

Sign up for our newsletter.

I agree to this site's Privacy Policy.