NIST releases new FISMA guidance

The National Institute of Standards and Technology has released further draft guidance to help agencies meet the requirements of the Federal Information Security Management Act of 2002.

NIST Special Publication 800-60, Guide for Mapping Types of Information and Information Systems to Security Categories, shows agencies how to assign the security ratings to their information and systems.

The new guide is a follow-up to Federal Information Processing Standard 199, which established basic ratings for assessing security risks of information and systems.

Publication 800-60 details how to apply the 199 standard's basic ratings to an agency's specific lines of business, as defined by the Office of Management and Budget's Business Reference Model. The reference model is a framework describing government functions and mechanisms.

NIST is providing multiple guides to help agencies meet FISMA requirements. Last month, the agency released a draft of Special Publication 800-53, which outlined minimum security controls required for government systems.

The agency will accept comments on the latest special publication draft until Feb. 20. NIST will hold a workshop on the guidance Feb. 26 and 27.

About the Author

Joab Jackson is the senior technology editor for Government Computer News.
