NIST to tweak mandatory security controls

FISMA Implementation Project Web site

Federal officials say it is not too late to submit suggestions for changes in a standards document describing security controls that will become mandatory for federal information systems in 2006.

The National Institute of Standards and Technology plans to revise its Special Publication 800-53 on mandatory security controls and to publish the revised version when it releases a companion document, Federal Information Processing Standard (FIPS) 200.

The FIPS 200 document probably will not be signed by the Commerce Department’s secretary until February 2006, according to the latest FIPS 200 status update from Ronald Ross, a senior computer scientist and leader of the Federal Information Security Management Act project at NIST.

Once the secretary signs the FIPS 200 document, federal agencies will be required to use appropriate computer security controls to protect government information that could be at risk without those controls in place. The FIPS document describes those controls as measures taken to protect information confidentiality, integrity and availability.

“It's not going to be easy to put in all these controls and get them working," Ross said, speaking at a security seminar earlier this year. But making the effort is too important to ignore, he said. "We're trying to establish a federal level of due diligence for all these systems,” he said, adding that the more important an application or system is to an agency's mission, the stronger the controls must be.

NIST officials said they will accept suggestions for minor revisions of Special Publication 800-53 through Dec. 31 at the following e-mail address:


  • Defense
    Ryan D. McCarthy being sworn in as Army Secretary Oct. 10, 2019. (Photo credit: Sgt. Dana Clarke/U.S. Army)

    Army wants to spend nearly $1B on cloud, data by 2025

    Army Secretary Ryan McCarthy said lack of funding or a potential delay in the JEDI cloud bid "strikes to the heart of our concern."

  • Congress
    Rep. Jim Langevin (D-R.I.) at the Hack the Capitol conference Sept. 20, 2018

    Jim Langevin's view from the Hill

    As chairman of of the Intelligence and Emerging Threats and Capabilities subcommittee of the House Armed Services Committe and a member of the House Homeland Security Committee, Rhode Island Democrat Jim Langevin is one of the most influential voices on cybersecurity in Congress.

Stay Connected


Sign up for our newsletter.

I agree to this site's Privacy Policy.