
New Guidelines on Security of IT Systems Available from NIST

FOR IMMEDIATE RELEASE:
May 14, 2004

CONTACT: Philip Bulman
NIST
(301) 975-5661


The Commerce Department's National Institute of Standards and Technology (NIST) today published guidelines on the security certification and accreditation of federal information systems. NIST Special Publication 800-37, Guide for the Security Certification and Accreditation of Federal Information Systems, is one of several key documents being developed by NIST to support the implementation of the Federal Information Security Management Act (FISMA) of 2002.

The new guidelines provide a standardized approach for assessing the effectiveness of the management, operational and technical security controls in an information system. In addition, they can aid management officials in making a determination about the acceptable level of risk to an agency's operations and assets brought about by the operation of that system.

NIST Special Publication 800-37 will be used in conjunction with the new mandatory security standard, Federal Information Processing Standard Publication 199, Standards for Security Categorization of Federal Information and Information Systems, and NIST Special Publication 800-53, Recommended Security Controls for Federal Information Systems (currently in draft), to help improve the security posture of federal agencies and their information systems.

The security certification and accreditation guidelines are applicable to all federal information systems other than those systems designated as national security systems as defined in FISMA. Federal agencies are required to conduct security certification and accreditation in accordance with standing policy from the Office of Management and Budget. State, local and tribal governments, as well as private sector organizations comprising the critical infrastructure of the United States, are encouraged to consider the use of these guidelines, as appropriate.

NIST Special Publication 800-37 is available from NIST’s Computer Security Resource Center at: http://csrc.nist.gov/publications. A complete description of the NIST FISMA Implementation Project also is available at: http://csrc.nist.gov/sec-cert.

As a non-regulatory agency of the U.S. Department of Commerce's Technology Administration, NIST develops and promotes measurement, standards and technology to enhance productivity, facilitate trade and improve the quality of life.

 


Created: 05/14/2004
Last updated: 05/14/2004
Contact: inquiries@nist.gov