NIST posts final draft of FISMA guidance

The final public draft of a framework for creating the security assessments mandated by the Federal Information Security Management Act is available for download from the National Institute of Standards and Technology (

NIST released Draft Special Publication 800-53A, 'Guide for Assessing the Security Controls in Federal Information Systems,' last month and expects to publish the final edition in March.

SP 800-53A is an addendum to NIST SP 800-53, 'Recommended Security Controls for Federal Information Systems.' This addendum establishes a framework for assessing security controls. Both publications are extensions of Federal Information Processing Standard 200, the core document NIST produced to help agencies with FISMA.

This draft incorporates comments from the previous public drafts. Changes include updated assessment procedures, clarification of some chapters and a new set of assessment cases.

The agency is seeking comments until Jan. 31.

NIST expects this document to be relevant for agency security professionals working as consultants, operational managers, program managers and product developers.

About the Authors

Joab Jackson is the senior technology editor for Government Computer News.

William Jackson is a Maryland-based freelance writer.

