NIST tool analyzes security

"Self-Assessment Guide for Information Technology Systems"

The National Institute of Standards and Technology released draft guidance last week for agencies that are attempting to perform self-assessments of their information security programs.

The draft Self-Assessment Guide for Information Technology Systems is a questionnaire that builds upon the Federal IT Security Assessment Framework, which was developed by NIST and issued by the Chief Information Officers Council in November 2000.

To comply with the new Government Information Security Reform Act, the Office of Management and Budget directed agencies to use the framework as one of many tools for managing security policies. The framework helps agencies measure their security programs' status against five levels.

The draft guidance provides specifics on how to go about performing those measurements and is intended to give agencies specific steps to improve their programs.

The questionnaire itself, which covers 17 control areas within a complete security program, is designed to provide results that will enable agencies to determine where a system's security program needs improvement. Agency officials would scan marked columns in the questionnaire to analyze the specific controls that need to be documented, implemented, tested and integrated into the life cycle of a system.

The questions are grouped into the areas of management controls, operational controls and technical controls, and go deeper with more than 200 specific questions. Once agency officials complete the questionnaire, the draft provides guidance on how to analyze and use the results.

Comments on the draft are due back to Marianne Swanson at NIST by April 9 at marianne.swanson@nist.gov.
