NIST has new certification guide

Guidelines for federal agencies to use in certifying and accrediting their information systems are available in a new document from the National Institute of Standards and Technology.

The document, "NIST Special Publication 800-37, Guide for the Security Certification and Accreditation of Federal Information Systems," is one of several publications that NIST officials have issued to help agencies comply with the Federal Information Security Management Act of 2002.

The guide offers a standardized set of procedures for agencies to use in evaluating an information system's various management, operational and technical security controls. It also offers suggestions for determining an acceptable level of risk associated with particular systems.

The new publication is meant to be used with two other NIST publications: "Federal Information Processing Standard Publication 199: Standards for Security Categorization of Federal Information and Information Systems" and "NIST Special Publication 800-53, Recommended Security Controls for Federal Information Systems." NIST has released a draft version of SP 800-53 for comment.
