US publishes federal IT security guidelines



Antony Savvas

The US National Institute of Standards and Technology (NIST) has published recommended security controls for federal information systems.

The new guidelines will be the basis for a proposal due later this year by NIST for a Federal Information Processing Standard (FIPS). The standard will become mandatory for federal agencies in December 2005.

"This document of security guidelines is going to play a key role in helping federal agencies effectively select and implement security controls and, by using a risk-based approach, do so in a cost-effective manner," said Shashi Phoha, director of NIST’s Information Technology Laboratory.

The standard, which is expected to be of interest to non-governmental organisations as well, recommends management, operational and technical controls needed to protect all federal information systems that are not national security systems.

The controls cover 17 key security focus areas, including risk assessment, contingency planning, incident response, access control, and identification and authentication.

The security guidelines also provide information on selecting the appropriate controls needed to achieve security for low-, moderate- and high-impact information systems.

All of NIST’s security standards and guidelines are available at
