NIST invites comment on draft standard

NIST Draft Special Publication 800-53A

Computer scientists at the National Institute of Standards and Technology have released draft versions of two documents that they consider to be among the most important in a recent series of NIST documents on information security.

One is a small publication describing minimum security requirements that will become mandatory after the Commerce Department secretary signs the document, as he is expected to do at the end of this year. That document is "Draft Federal Information Processing Standard (FIPS) Publication 200: Minimum Security Requirements for Federal Information and Information Systems."

A second document, "Draft Special Publication 800-53A: Guide for Assessing the Security Controls in Federal Information Systems," is a 152-page guide to developing a cost-effective information security program based an agency’s assessment of its risks.

Both documents are meant to help federal agencies secure their information systems and comply with the Federal Information Security Management Act (FISMA) of 2002, NIST officials said.

“We have attempted to provide a security standard that establishes a level of security due diligence for federal agencies in protecting their information and information systems,” Ron Ross, project leader for NIST’s FISMA Implementation Project, writes in the introduction to "FIPS Publication 200."

NIST will accept comments on "Draft Special Publication 800-53A" until 5 p.m. EDT Aug. 31 at [email protected] Comments on "Draft FIPS Publication 200" will be accepted until 5 p.m. EDT Sept. 13 at draftfips200.nist.gov.

Featured

  • Workforce
    White House rainbow light shutterstock ID : 1130423963 By zhephotography

    White House rolls out DEIA strategy

    On Tuesday, the Biden administration issued agencies a roadmap to guide their efforts to develop strategic plans for diversity, equity, inclusion and accessibility (DEIA), as required under a as required under a June executive order.

  • Defense
    software (whiteMocca/Shutterstock.com)

    Why DOD is so bad at buying software

    The Defense Department wants to acquire emerging technology faster and more efficiently. But will its latest attempts to streamline its processes be enough?

Stay Connected