NIST posts security control guidelines for comment

The National Institute of Standards and Technology yesterday released an initial public draft of recommended security controls for federal information systems. The guidelines for mandatory controls are expected to go into effect in two years.

The agency's IT Laboratory drafted Special Publication 800-53 under the Federal Information Security Management Act. SP 800-53 is one of seven NIST publications to be completed over the next two years as a security framework.

Federal Information Processing Standard Publication 200, 'Minimum Security Controls for Federal Information Systems,' will replace SP800-53 in late 2005 and will be mandatory for government systems not involved in national security.

Controls include management, operational and technical safeguards and countermeasures that ensure the confidentiality, integrity and availability of government systems.

The current 238-page report is preliminary and covers only guidelines for low and moderate security baselines. 'For the high baseline, the number of security controls will increase significantly,' the report said. That section will be added to the guidelines next year.

NIST will host a workshop on the high security guidelines at its Gaithersburg, Md., headquarters in March. Public feedback is a prerequisite for moving forward on a high security baseline, the report said.

NIST's Computer Security Division will accept comments on the initial draft of SP 800-53 until Jan. 31, 2004, by e-mail to [email protected], or by postal mail to 100 Bureau Dr., Mail Stop 8930, Gaithersburg, Md., 20899-8930.

About the Author

William Jackson is a Maryland-based freelance writer.


  • Records management: Look beyond the NARA mandates

    Pandemic tests electronic records management

    Between the rush enable more virtual collaboration, stalled digitization of archived records and managing records that reside in datasets, records management executives are sorting through new challenges.

  • boy learning at home (Travelpixs/

    Tucson’s community wireless bridges the digital divide

    The city built cell sites at government-owned facilities such as fire departments and libraries that were already connected to Tucson’s existing fiber backbone.

Stay Connected