NIST releases security guidance on mapping information
- By William Jackson
- Jun 14, 2004
The National Institute of Standards and Technology has released the final version of its guidelines for categorizing information housed in federal IT systems.
The Federal Information Security Management Act requires agencies to identify categories of information they maintain and to assess the impact on the agency's mission of compromises to that information. NIST is charged with providing guidance on this and other FISMA requirements.
The guidance is provided in Special Publication 800-60, Guide for Mapping Types of Information and Information Systems to Security Categories. This version incorporates suggestions made in public workshops and during a public comment period.
The document is published in two parts. Volume 1 provides guidelines for identifying impact levels for violations of confidentiality, integrity or availability of a given type of information. Volume 2 includes examples of mission-based information types and suggests provisional impact levels.
The document focuses primarily on management and administrative information, which is likely to be common among many agencies, rather than on mission-specific information.
The publication is one of a series of guides published by NIST to provide a structured, flexible framework for selecting, specifying, employing and evaluating the security controls in implementing FISMA.
William Jackson is a Maryland-based freelance writer.