Feds finalize standards for rating security risk

The Commerce Department has approved a new Federal Information Processing Standard for categorizing security risks to government information and systems.

The National Institute of Standards and Technology developed FIPS 199 as required by the Federal Information Security Management Act.

FISMA mandates that agencies evaluate and provide security programs for IT. The new standard spells out how agencies will categorize information and systems based on a range of risk levels. It also provides a common framework for discussing security issues.

The standard takes effect today and is compulsory for evaluation of unclassified information and for information systems not designated for national security.

NIST in May published a draft of FIPS 199 for public comment. During the three-month comment period, the agency received 13 comments from the private sector, 18 from federal organizations and one from the Canadian government. The agency changed several terms in the final document as a result of the comments, NIST officials said.

According to NIST, most of the comments concerned issues of risk assessment and threats. The draft described three levels of risk in each of the areas of confidentiality, integrity and availability. The final version instead identifies three levels of impact if the confidentiality, integrity or availability of a system is compromised.

The final version also clarifies the issue of privacy, making it explicit that privacy is an element of confidentiality.

NIST plans to post the final version of FIPS Publication 199 soon at csrc.nist.gov/publications.

About the Author

William Jackson is a Maryland-based freelance writer.
