NIST Logo and ITL Banner Link to the NIST Homepage Link to the ITL Homepage Link to the NIST Homepage
Search CSRC:

Library


Back to Top

Legislation, Directives, and Policies

Public Law 107-347 Section III
Federal Information Security Management Act of 2002
December 2002

Homeland Security Presidential Directive #7
Critical Infrastructure Identification, Prioritization, and Protection
December 2003

OMB Circular A-130, Appendix III
Security of Federal Automated Information Resources
November 2003


Back to Top

Standards and Guidelines

FIPS Publication 199
Standards for Security Categorization of Federal Information and Information Systems
February 2004
Primary Contact: Ron Ross, (301) 975-5390
Alternate Contact: Stu Katzke, (301) 975-4768

FIPS Publication 200
Minimum Security Requirements for Federal Information and Information Systems
March 2006
Primary Contact: Ron Ross, (301) 975-5390
Alternate Contact: Arnold Johnson, (301) 975-3247

NIST Special Publication 800-18, Revision 1
Guide for Developing Security Plans for Federal Information Systems
February 2006
Primary Contact: Marianne Swanson, (301) 975-3293
Alternate Contact: Matt Scholl, (301) 975-2941

NIST Special Publication 800-30
Risk Management Guide for Information Technology Systems
July 2002
Primary Contact: Ron Ross, (301) 975-5390
Alternate Contact: Matt Scholl, (301) 975-2941

DRAFT Special Publication 800-37, Revision 1 Guide for Security Authorization of Federal Information Systems: A Security Lifecycle Approach (initial public draft)
August 2008
Primary Contact: Ron Ross, (301) 975-5390
Alternate Contact: Marianne Swanson, (301) 975-3293

NIST Special Publication 800-37
Guide for the Security Certification and Accreditation of Federal Information Systems
May 2004
Primary Contact: Ron Ross, (301) 975-5390
Alternate Contact: Marianne Swanson, (301) 975-3293

DRAFT Special Publication 800-39 (2nd Draft)
Managing Risk from Information Systems: An Organizational Perspective
April 2008
Primary Contact: Ron Ross, (301) 975-5390
Alternate Contact: Marianne Swanson, (301) 975-3293

NIST Special Publication 800-53, Revision 3
Recommended Security Controls for Federal Information Systems
July 2009
Primary Contact: Ron Ross, (301) 975-5390
Alternate Contact: Arnold Johnson, (301) 975-3247

NIST Special Publication 800-53, Revision 2
Recommended Security Controls for Federal Information Systems
December 2007
Primary Contact: Ron Ross, (301) 975-5390
Alternate Contact: Arnold Johnson, (301) 975-3247

Annex 1: Baseline Security Controls for Low-Impact Information Systems
  Adobe PDF 

Annex 2: Baseline Security Controls for Moderate-Impact Information Systems
  Adobe PDF

Annex 3: Baseline Security Controls for High-Impact Information Systems
  Adobe PDF

NIST Special Publication 800-53A
Guide for Assessing the Security Controls in Federal Information Systems
June 2008
Primary Contact: Ron Ross, (301) 975-5390
Alternate Contact: Arnold Johnson, (301) 975-3247

NIST Special Publication 800-59
Guideline for Identifying an Information System as a National Security System
August 2003
Primary Contact: Curt Barker, (301) 975-8443
Alternate Contact: Arnold Johnson, (301) 975-3247

NIST Special Publication 800-60, Revision 1 VOLUME 1 of 2 (document)
Guide for Mapping Types of Information and Information Systems to Security Categories
August 2008
Primary Contact: Kevin Stine, (301) 975-4483
Alternate Contact: Arnold Johnson, (301) 975-3247

Special Publication 800-60 Revision 1 VOLUME 2 of 2 (Appendices)
Guide for Mapping Types of Information and Information Systems to Security Categories
August 2008
Primary Contact: Kevin Stine, (301) 975-4483
Alternate Contact: Arnold Johnson, (301) 975-3247

DRAFT NIST IR 7328
Security Assessment Provider Requirements and Customer Responsibilities: Building a Security Assessment Credentialing Program for Federal Information Systems
September 2007
Primary Contact: Arnold Johnson, (301) 975-3247


Back to Top

Tutorials and Presentations

Presentations from the NIST Security Seminar on February 1, 2007
   NIST Presentation - (black & white)
   FDIC Presentation

Automated Security Support Tools: The Key to Successful FISMA Implementation

FISMA Phase II Workshop

FISMA Information Security Poster

FISMA Implementation: The Strategy, Challenges, and Roadmap Ahead

Certification and Accreditation Tutorial

FISMA Phase II April 26, 2006 Workshop Summary on Credentialing Program for Security Assessment Service Providers

Presentation from the FISMA Phase II Workshop on Credentialing Program for Security Assessment Service Providers


Back to Top

Papers

Memorandum For Record: Security Controls Assessment Form (SP 800-53A),
[updated 05/24/07]

Managing Enterprise Risk in Today’s World of Sophisticated Threats: A Framework for Developing Broad-Based, Cost-Effective Information Security Programs