NIST readies new security documents

NIST readies new security documents

A new National Institute of Standards and Technology method for categorizing security risk levels of federal systems is on the cusp of final approval.

The first public draft of the minimum security requirements for systems in new risk categories will be released in a couple of weeks, project manager Ron Ross said yesterday at an enterprise architecture conference in Vienna, Va.

Federal Information Processing Standard 199 ranks systems as low, medium and high risk in the categories of confidentiality, availability and integrity, Ross said. The standard will assist the reporting of security policy effectiveness to the Office of Management and Budget, which governs enterprise architecture issues.

Special Publication 800-53, which will specify the baseline security requirements that go with the FIPS security assessments, draws on many sources from Defense and civilian agencies and the International Standards Organization, Ross said.

The Federal Information Security Management Act of 2002 mandated the new FIPS.

The Open Group of San Francisco, a vendor consortium that promotes Unix interoperability standards, sponsored the conference.

Featured

  • Records management: Look beyond the NARA mandates

    Pandemic tests electronic records management

    Between the rush enable more virtual collaboration, stalled digitization of archived records and managing records that reside in datasets, records management executives are sorting through new challenges.

  • boy learning at home (Travelpixs/Shutterstock.com)

    Tucson’s community wireless bridges the digital divide

    The city built cell sites at government-owned facilities such as fire departments and libraries that were already connected to Tucson’s existing fiber backbone.

Stay Connected