TechTarget

US publishes federal IT security guidelines

The US National Institute of Standards and Technology (NIST) has published recommended security controls for federal information...

The US National Institute of Standards and Technology (NIST) has published recommended security controls for federal information systems.

The new guidelines will be the basis for a proposal due later this year by NIST for a Federal Information Processing Standard (FIPS). The standard will become mandatory for federal agencies in December 2005.

"This document of security guidelines is going to play a key role in helping federal agencies effectively select and implement security controls and, by using a risk-based approach, do so in a cost-effective manner," said Shashi Phoha, director of NIST’s Information Technology Laboratory.

The standard, which is expected to be of interest to non-governmental organisation as well, recommends management, operational and technical controls needed to protect all federal information systems that are not national security systems.

The controls cover 17 key security focus areas, including risk assessment, contingency planning, incident response, access control, and identification and authentication.

The security guidelines also provide information on selecting the appropriate controls needed to achieve security for low-, moderate- and high-impact information systems.

All of NIST’s security standards and guidelines are available at http://csrc.nist.gov

CW+

Features

Enjoy the benefits of CW+ membership, learn more and join.

Read more

0 comments

Oldest 

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

-ADS BY GOOGLE

SearchCIO

SearchSecurity

SearchNetworking

SearchDataCenter

SearchDataManagement

Close