NIST releases security level guidance

NIST draft publications

The National Institute of Standards and Technology recently released a draft of the last piece of guidance for agencies to determine the proper level of security on information systems.

Released late last week by NIST's Computer Security Division, "Special Publication 800-60: Guide for Mapping Types of Information and Information Systems to Security Categories" provides the middle step for guidance and standards required under the Federal Information Security Management Act (FISMA) of 2002.

NIST's categories of security impact are based on draft Federal Information Processing Standard (FIPS) 199, which the division released in September. The goal of the guidance is to have agencies assign impact levels without considering potential security controls and countermeasures, but in October, NIST released another draft guide outlining minimum-security controls for each category.

Officials plan to hold a government-only workshop about the latest draft Feb. 26-27, 2004. For details, e-mail [email protected] Comments on the draft publication are due by Feb. 20, 2004, and can be sent to [email protected]

NIST also released a draft interagency report on smart card technology development and adoption within agencies. The draft report is in response to a January General Accounting Office report that recommended that NIST play a greater role in smart card implementation governmentwide.

Also in response to that report, NIST hosted the Storage and Processor Card-Based Technology Workshop to identify requirements from agencies and industry. The draft outlines the results of that workshop, which identified gaps in many areas of the smart card arena, including biometric interoperability, co-existence of multiple technologies on a single card and the need for common standards for identity methods.

Comments on the smart card draft report should be submitted to [email protected] by Jan. 30, 2004.

Featured

  • Government Innovation Awards
    Government Innovation Awards - https://governmentinnovationawards.com

    Congratulations to the 2020 Rising Stars

    These early-career leaders already are having an outsized impact on government IT.

  • Cybersecurity
    cybersecurity (Rawpixel/Shutterstock.com)

    CMMC clears key regulatory hurdle

    The White House approved an interim rule to mandate defense contractors prove they adhere to existing cybersecurity standards from the National Institute of Standards and Technology.

Stay Connected