NIST proposes guidelines for security checks

The National Institute of Standards and Technology last week released a guide to standardize the testing of agencies' systems security.

Special Publication 800-37, available for three months of public comment at csrc.nist.gov, lays out instructions for a security checkup. It is the first in a three-part series designed to bring consistency to certifying and accrediting systems security.

A second set of guidelines, 800-53, will describe the first-ever minimum security requirements for federal online systems. The third, 800-53A, will detail techniques for measuring a system's security level. Those two publications will be released next spring.

A second phase of the effort, still under development, would standardize the evaluation of vendors that accredit system security for the government.

Featured

  • business meeting (Monkey Business Images/Shutterstock.com)

    Civic tech volunteers help states with legacy systems

    As COVID-19 exposed vulnerabilities in state and local government IT systems, the newly formed U.S. Digital Response stepped in to help. Its successes offer insight into existing barriers and the future of the civic tech movement.

  • data analytics (Shutterstock.com)

    More visible data helps drive DOD decision-making

    CDOs in the Defense Department are opening up their data to take advantage of artificial intelligence and machine learning tools that help surface insights and improve decision-making.

Stay Connected