NIST posts security control guidelines for comment

The National Institute of Standards and Technology yesterday released an initial public draft of recommended security controls for federal information systems. The guidelines for mandatory controls are expected to go into effect in two years.

The agency's IT Laboratory drafted Special Publication 800-53 under the Federal Information Security Management Act. SP 800-53 is one of seven NIST publications to be completed over the next two years as a security framework.

Federal Information Processing Standard Publication 200, 'Minimum Security Controls for Federal Information Systems,' will replace SP800-53 in late 2005 and will be mandatory for government systems not involved in national security.

Controls include management, operational and technical safeguards and countermeasures that ensure the confidentiality, integrity and availability of government systems.

The current 238-page report is preliminary and covers only guidelines for low and moderate security baselines. 'For the high baseline, the number of security controls will increase significantly,' the report said. That section will be added to the guidelines next year.

NIST will host a workshop on the high security guidelines at its Gaithersburg, Md., headquarters in March. Public feedback is a prerequisite for moving forward on a high security baseline, the report said.

NIST's Computer Security Division will accept comments on the initial draft of SP 800-53 until Jan. 31, 2004, by e-mail to [email protected], or by postal mail to 100 Bureau Dr., Mail Stop 8930, Gaithersburg, Md., 20899-8930.

About the Author

William Jackson is a Maryland-based freelance writer.


  • business meeting (Monkey Business Images/

    Civic tech volunteers help states with legacy systems

    As COVID-19 exposed vulnerabilities in state and local government IT systems, the newly formed U.S. Digital Response stepped in to help. Its successes offer insight into existing barriers and the future of the civic tech movement.

  • data analytics (

    More visible data helps drive DOD decision-making

    CDOs in the Defense Department are opening up their data to take advantage of artificial intelligence and machine learning tools that help surface insights and improve decision-making.

Stay Connected