NIST has new certification guide
- By Florence Olsen
- May 21, 2004
Guidelines for federal agencies to use in certifying and accrediting their information systems are available in a new document from the National Institute of Standards and Technology.
The document, "NIST Special Publication 800-37, Guide for the Security Certification and Accreditation of Federal Information Systems," is one of several publications that NIST officials have issued to help agencies comply with the Federal Information Security Management Act of 2002.
The guide offers a standardized set of procedures for agencies to use in evaluating an information system's various management, operational and technical security controls. It also offers suggestions for determining an acceptable level of risk associated with particular systems.
The new publication is meant to be used with two other NIST publications: "Federal Information Processing Standard Publication 199: Standards for Security Categorization of Federal Information and Information Systems" and "NIST Special Publication 800-53, Recommended Security Controls for Federal Information Systems." NIST has released a draft version of SP 800-53 for comment.