NIST proposes guidelines for security checks
- By Vandana Sinha
- Nov 01, 2002
The National Institute of Standards and Technology last week released a guide to standardize the testing of agencies' systems security.
Special Publication 800-37, available for three months of public comment at csrc.nist.gov, lays out instructions for a security checkup. It is the first in a three-part series designed to bring consistency to certifying and accrediting systems security.
A second set of guidelines, 800-53, will describe the first-ever minimum security requirements for federal online systems. The third, 800-53A, will detail techniques for measuring a system's security level. Those two publications will be released next spring.
A second phase of the effort, still under development, would standardize the evaluation of vendors that accredit system security for the government.