NIST releases security guidance on mapping information

The National Institute of Standards and Technology has released the final version of its guidelines for categorizing information housed in federal IT systems.

The Federal Information Security Management Act requires agencies to identify categories of information they maintain and to assess the impact on the agency's mission of compromises to that information. NIST is charged with providing guidance on this and other FISMA requirements.

The guidance is provided in Special Publication 800-60, Guide for Mapping Types of Information and Information Systems to Security Categories. This version incorporates suggestions made in public workshops and during a public comment period.

The document is published in two parts. Volume 1 provides guidelines for identifying impact levels for violations of confidentiality, integrity or availability of a given type of information. Volume 2 includes examples of mission-based information types and suggests provisional impact levels.

The document focuses primarily on management and administrative information, which is likely to be common among many agencies, rather than on mission-specific information.

The publication is one of a series of guides published by NIST to provide a structured, flexible framework for selecting, specifying, employing and evaluating the security controls in implementing FISMA.

About the Author

William Jackson is a Maryland-based freelance writer.
