NIST drafts guidance on risk management

The National Institute of Standards and Technology has issued a draft of a new report that may become essential reading for government managers, all of whom must ensure that their information technology systems comply with the Federal Information Security Management Act.

NIST's Information Technology Laboratory developed the report, "Managing Risk from Information Systems: An Organizational Perspective" (SP-800-39-ipd.pdf).

Ron Ross, the NIST FISMA implementation project leader, is an author, along with Stu Katzke, Arnold Johnson, Marianne Swanson and Gary Stoneburner.

This report tackles the problem of dealing with risk. FISMA requires that agencies make their IT security decisions based on risk assessments. The report defines what risk is, as well as how to apply the NIST Risk Management Framework to government IT systems.

The report is part of a larger effort NIST is undertaking with the Director of National Intelligence, the Department of Defense and the Committee on National Security Systems to establish a baseline for government IT security.

Comments will be accepted through Dec. 14.

About the Author

Joab Jackson is the senior technology editor for Government Computer News.
