NIST to tweak mandatory security controls

FISMA Implementation Project Web site

Federal officials say it is not too late to submit suggestions for changes in a standards document describing security controls that will become mandatory for federal information systems in 2006.

The National Institute of Standards and Technology plans to revise its Special Publication 800-53 on mandatory security controls and to publish the revised version when it releases a companion document, Federal Information Processing Standard (FIPS) 200.

The FIPS 200 document probably will not be signed by the Commerce Department’s secretary until February 2006, according to the latest FIPS 200 status update from Ronald Ross, a senior computer scientist and leader of the Federal Information Security Management Act project at NIST.

Once the secretary signs the FIPS 200 document, federal agencies will be required to use appropriate computer security controls to protect government information that could be at risk without those controls in place. The FIPS document describes those controls as measures taken to protect information confidentiality, integrity and availability.

“It's not going to be easy to put in all these controls and get them working," Ross said, speaking at a security seminar earlier this year. But making the effort is too important to ignore, he said. "We're trying to establish a federal level of due diligence for all these systems,” he said, adding that the more important an application or system is to an agency's mission, the stronger the controls must be.

NIST officials said they will accept suggestions for minor revisions of Special Publication 800-53 through Dec. 31 at the following e-mail address: [email protected]


  • Management
    shutterstock image By enzozo; photo ID: 319763930

    Where does the TMF Board go from here?

    With a $1 billion cash infusion, relaxed repayment guidelines and a surge in proposals from federal agencies, questions have been raised about whether the board overseeing the Technology Modernization Fund has been scaled to cope with its newfound popularity.

  • IT Modernization
    shutterstock image By enzozo; photo ID: 319763930

    OMB provides key guidance for TMF proposals amid surge in submissions

    Deputy Federal CIO Maria Roat details what makes for a winning Technology Modernization Fund proposal as agencies continue to submit major IT projects for potential funding.

Stay Connected