NIST keeps publishing

One way to quantify the growth in importance of computer security work is to count the pages of security guidelines published by the National Institute of Standards and Technology in the past year. The total is 1,200 pages, said Ed Roback, chief of the Computer Security Division.

Speaking June 4 in Washington, D.C., at the E-Gov Institute's Annual Government Solutions Forum, Roback said documents on topics as unremarkable-sounding as security categorization often generate strong responses. When NIST released "Federal Information Processing Standard Publication 199: Standards for Security Categorization of Federal Information and Information Systems," it was a 10-page document, but it provoked 200 pages of public comment, he said. "We have an awful lot of folks paying attention to each and every word in the standard."

Roback said NIST officials are drafting another security document that defines the minimum information security controls that agencies must use to protect their information systems under the Federal Information Security Management Act of 2002. By law, the document, "Special Publication 800-53, Recommended Security Controls for Federal Information Systems," must be completed by December 2005.

On that date, the guidelines in SP 800-53 will become mandatory as FIPS 200, a document that "is going to have an absolutely profound effect across the government," he said.

Roback used the E-Gov forum to show off many of the wares on NIST's csrc.nist.gov Web site. The site at www.csrc.nist.gov/fasp, for example, showcases more than 100 federal agency security practices and policies for things such as contingency planning and e-authentication. "See how your colleagues are addressing these issues," he said.

For a fee, NIST also offers help to agencies by providing a team of experts to review computer security programs. The NIST experts see their role as giving "sort of white-hat advice before some of the other folks — General Accounting Office, inspectors general and so forth — show up," he said.
