NIST posts security control guidelines for comment

The National Institute of Standards and Technology yesterday released an initial public draft of recommended security controls for federal information systems. The guidelines for mandatory controls are expected to go into effect in two years.

The agency's IT Laboratory drafted Special Publication 800-53 under the Federal Information Security Management Act. SP 800-53 is one of seven NIST publications to be completed over the next two years as a security framework.

Federal Information Processing Standard Publication 200, 'Minimum Security Controls for Federal Information Systems,' will replace SP800-53 in late 2005 and will be mandatory for government systems not involved in national security.

Controls include management, operational and technical safeguards and countermeasures that ensure the confidentiality, integrity and availability of government systems.

The current 238-page report is preliminary and covers only guidelines for low and moderate security baselines. 'For the high baseline, the number of security controls will increase significantly,' the report said. That section will be added to the guidelines next year.

NIST will host a workshop on the high security guidelines at its Gaithersburg, Md., headquarters in March. Public feedback is a prerequisite for moving forward on a high security baseline, the report said.

NIST's Computer Security Division will accept comments on the initial draft of SP 800-53 until Jan. 31, 2004, by e-mail to [email protected], or by postal mail to 100 Bureau Dr., Mail Stop 8930, Gaithersburg, Md., 20899-8930.

About the Author

William Jackson is a Maryland-based freelance writer.

Featured

  • Russia prying into state, local networks

    A Russian state-sponsored advanced persistent threat actor targeting state, local, territorial and tribal government networks exfiltrated data from at least two victims.

  • Marines on patrol (US Marines)

    Using AVs to tell friend from foe

    The Defense Advanced Research Projects Agency is looking for ways autonomous vehicles can make it easier for commanders to detect and track threats among civilians in complex urban environments without escalating tensions.

Stay Connected