US publishes federal IT security guidelines



Antony Savvas

The US National Institute of Standards and Technology (NIST) has published recommended security controls for federal information systems.

The new guidelines will be the basis for a proposal due later this year by NIST for a Federal Information Processing Standard (FIPS). The standard will become mandatory for federal agencies in December 2005.

"This document of security guidelines is going to play a key role in helping federal agencies effectively select and implement security controls and, by using a risk-based approach, do so in a cost-effective manner," said Shashi Phoha, director of NIST’s Information Technology Laboratory.

The standard, which is expected to be of interest to non-governmental organisations as well, recommends management, operational and technical controls needed to protect all federal information systems that are not national security systems.

The controls cover 17 key security focus areas, including risk assessment, contingency planning, incident response, access control, and identification and authentication.

The security guidelines also provide information on selecting the appropriate controls needed to achieve security for low-, moderate- and high-impact information systems.

All of NIST’s security standards and guidelines are available at
