NIST puts its security guidelines in one basket

The National Institute of Standards and Technology has released a database to help agencies collect data needed to assess information technology security programs and produce reports for action plans.

The Program Review for Information Security Management Assistance database, which can be downloaded at, is part of PRISMA, a tool NIST developed for reviewing the complex information security requirements and posture of federal information security programs. It brings together guidelines from NIST publications, federal standards, best practices and requirements in the Federal Information Security Management Act.

PRISMA provides a framework for an independent, in-house review of the maturity of an agency's information security program. It requires documentation of security policies, procedures and implemented controls.

It also requires a review of the agency's organizational structure, culture and business mission. After the assessment, the PRISMA team identifies problems and develops a weighted list of corrective actions.

The PRISMA framework was released in January in NIST Interagency Report 7358. The database, which is in Microsoft Access 2003 and can help generate a report in Microsoft Word, was made available in April.

If you are having trouble finding guidelines or standards for your IT security assessment, NIST also has released a 'Guide to NIST Computer Security Documents,' a PDF that indexes the more than 250 publications the NIST Computer Security Division issues.

About the Author

William Jackson is a Maryland-based freelance writer.


  • business meeting (Monkey Business Images/

    Civic tech volunteers help states with legacy systems

    As COVID-19 exposed vulnerabilities in state and local government IT systems, the newly formed U.S. Digital Response stepped in to help. Its successes offer insight into existing barriers and the future of the civic tech movement.

  • data analytics (

    More visible data helps drive DOD decision-making

    CDOs in the Defense Department are opening up their data to take advantage of artificial intelligence and machine learning tools that help surface insights and improve decision-making.

Stay Connected