NIST releases new FISMA guidance

NIST releases new FISMA guidance

The National Institute of Standards and Technology has released further draft guidance to help agencies meet the requirements of the Federal Information Security Management Act of 2002.

NIST Special Publication 800-60, Guide for Mapping Types of Information and Information Systems to Security Categories, shows agencies how to assign the security ratings to their information and systems. To view it online, click guide.

The new guide is a follow-up to Federal Information Processing Standard 199, which established basic ratings for assessing security risks of information and systems. To access it online, click FIPS 199.

Publication 800-60 details how to apply the 199 standard's basic ratings to an agency's specific lines of business, as defined by the Office of Management and Budget's Business Reference Model. The reference model is a framework describing government functions and mechanisms.

NIST is providing multiple guides to help agencies meet FISMA requirements. Last month, the agency released a draft of Special Publication 800-53, which outlined minimum security controls required for government systems [see GCN story].

The agency will accept comments on the latest special publication draft until Feb. 20. NIST will hold a workshop on the guidance Feb. 26 and 27.

About the Author

Joab Jackson is the senior technology editor for Government Computer News.


  • Records management: Look beyond the NARA mandates

    Pandemic tests electronic records management

    Between the rush enable more virtual collaboration, stalled digitization of archived records and managing records that reside in datasets, records management executives are sorting through new challenges.

  • boy learning at home (Travelpixs/

    Tucson’s community wireless bridges the digital divide

    The city built cell sites at government-owned facilities such as fire departments and libraries that were already connected to Tucson’s existing fiber backbone.

Stay Connected