NIST invites comment on draft standard

NIST Draft Special Publication 800-53A

Computer scientists at the National Institute of Standards and Technology have released draft versions of two documents that they consider to be among the most important in a recent series of NIST documents on information security.

One is a small publication describing minimum security requirements that will become mandatory after the Commerce Department secretary signs the document, as he is expected to do at the end of this year. That document is "Draft Federal Information Processing Standard (FIPS) Publication 200: Minimum Security Requirements for Federal Information and Information Systems."

A second document, "Draft Special Publication 800-53A: Guide for Assessing the Security Controls in Federal Information Systems," is a 152-page guide to developing a cost-effective information security program based an agency’s assessment of its risks.

Both documents are meant to help federal agencies secure their information systems and comply with the Federal Information Security Management Act (FISMA) of 2002, NIST officials said.

“We have attempted to provide a security standard that establishes a level of security due diligence for federal agencies in protecting their information and information systems,” Ron Ross, project leader for NIST’s FISMA Implementation Project, writes in the introduction to "FIPS Publication 200."

NIST will accept comments on "Draft Special Publication 800-53A" until 5 p.m. EDT Aug. 31 at [email protected] Comments on "Draft FIPS Publication 200" will be accepted until 5 p.m. EDT Sept. 13 at draftfips200.nist.gov.

Featured

  • Image: Shutterstock

    COVID, black swans and gray rhinos

    Steven Kelman suggests we should spend more time planning for the known risks on the horizon.

  • IT Modernization
    businessman dragging old computer monitor (Ollyy/Shutterstock.com)

    Pro-bono technologists look to help cash-strapped states struggling with legacy systems

    As COVID-19 exposed vulnerabilities in state and local government IT systems, the newly formed U.S. Digital Response stepped in to help.

Stay Connected