NIST announces FISMA Phase II

The National Institute of Standards and Technology is drafting a set of qualifications that agencies and contractors must meet before they can assess the security of federal information systems. The Federal Information Security Management Act of 2002 requires annual security assessments.

Establishing qualifications for those who conduct security assessments marks a new phase in the implementation of FISMA, NIST officials said this week. In the first phase, NIST was preoccupied with creating information security standards and guidelines for federal agencies. In the next phase, NIST’s technical managers will try to create a set of minimum qualifications and procedural standards for anyone who conducts FISMA security assessments. The purpose is to ensure that federal agencies receive consistent and competent assessments.

NIST expects to publish those qualifications in draft form in late June.

“They’re getting into uncharted territory,” said Lynn McNulty, director of government affairs at the International Information Systems Security Certification Consortium. “They’re getting involved with a credentialing program that involves something other than software and hardware modules.”

NIST held a public workshop April 26 to solicit ideas about to create a pool of service providers qualified to provide security assessments using FISMA standards and guidelines.


    pentagon cloud

    Court orders temporary block on JEDI

    JEDI, the Defense Department’s multi-billion-dollar cloud procurement, is officially on hold, according to a federal court announcement Feb. 13.

  • Defense
    mock-up of the shore-based Aegis Combat Information Center

    Pentagon focuses on research, cyber in 2021 budget request

    The Defense Department wants to significantly increase funds for research, cyber, and cloud.

Stay Connected


Sign up for our newsletter.

I agree to this site's Privacy Policy.