NIST has new certification guide

NIST Special Publication 800-37

Related Links

Guidelines for federal agencies to use in certifying and accrediting their information systems are available in a new document from the National Institute of Standards and Technology.

The document, "NIST Special Publication 800-37, Guide for the Security Certification and Accreditation of Federal Information Systems," is one of several publications that NIST officials have issued to help agencies comply with the Federal Information Security Management Act of 2002.

The guide offers a standardized set of procedures for agencies to use in evaluating an information system's various management, operational and technical security controls. It also offers suggestions for determining an acceptable level of risk associated with particular systems.

The new publication is meant to be used with two other NIST publications: "Federal Information Processing Standard Publication 199: Standards for Security Categorization of Federal Information and Information Systems" and "NIST Special Publication 800-53, Recommended Security Controls for Federal Information Systems." NIST has released a draft version of SP 800-53 for comment.

Featured

  • Cybersecurity
    cybersecurity (Rawpixel/Shutterstock.com)

    CMMC clears key regulatory hurdle

    The White House approved an interim rule to mandate defense contractors prove they adhere to existing cybersecurity standards from the National Institute of Standards and Technology.

  • Comment
    cloud (Phaigraphic/Shutterstock.com)

    A call for visionary investment

    Investing in IT modernization is not an either-or proposition, Rep. Connolly writes. This pandemic has presented Congress a choice: We can put our head in the sand and pretend these failures didn't happen, or we can take action to be prepared for the future.

Stay Connected