NIST releases new FISMA guidance
- By Joab Jackson
- Dec 23, 2003
The National Institute of Standards and Technology has released further draft guidance to help agencies meet the requirements of the Federal Information Security Management Act of 2002.
NIST Special Publication 800-60, Guide for Mapping Types of Information and Information Systems to Security Categories, shows agencies how to assign the security ratings to their information and systems.
The new guide is a follow-up to Federal Information Processing Standard 199, which established basic ratings for assessing security risks of information and systems.
Publication 800-60 details how to apply the 199 standard's basic ratings to an agency's specific lines of business, as defined by the Office of Management and Budget's Business Reference Model. The reference model is a framework describing government functions and mechanisms.
NIST is providing multiple guides to help agencies meet FISMA requirements. Last month, the agency released a draft of Special Publication 800-53, which outlined minimum security controls required for government systems [see GCN story].
The agency will accept comments on the latest special publication draft until Feb. 20. NIST will hold a workshop on the guidance Feb. 26 and 27.
About the Author
Joab Jackson is the senior technology editor for Government Computer News.