NIST releases new FISMA guidance

NIST releases new FISMA guidance

The National Institute of Standards and Technology has released further draft guidance to help agencies meet the requirements of the Federal Information Security Management Act of 2002.

NIST Special Publication 800-60, Guide for Mapping Types of Information and Information Systems to Security Categories, shows agencies how to assign the security ratings to their information and systems. To view it online, click guide.

The new guide is a follow-up to Federal Information Processing Standard 199, which established basic ratings for assessing security risks of information and systems. To access it online, click FIPS 199.

Publication 800-60 details how to apply the 199 standard's basic ratings to an agency's specific lines of business, as defined by the Office of Management and Budget's Business Reference Model. The reference model is a framework describing government functions and mechanisms.

NIST is providing multiple guides to help agencies meet FISMA requirements. Last month, the agency released a draft of Special Publication 800-53, which outlined minimum security controls required for government systems [see GCN story].

The agency will accept comments on the latest special publication draft until Feb. 20. NIST will hold a workshop on the guidance Feb. 26 and 27.

About the Author

Joab Jackson is the senior technology editor for Government Computer News.


  • Russia prying into state, local networks

    A Russian state-sponsored advanced persistent threat actor targeting state, local, territorial and tribal government networks exfiltrated data from at least two victims.

  • Marines on patrol (US Marines)

    Using AVs to tell friend from foe

    The Defense Advanced Research Projects Agency is looking for ways autonomous vehicles can make it easier for commanders to detect and track threats among civilians in complex urban environments without escalating tensions.

Stay Connected