NIST revises guidance for assigning FISMA security categories

[InfoSec News <alerts () infosecnews org>]

http://www.gcn.com/online/vol1_no1/46877-1.html

By William Jackson
GCN.com
08/14/08

The National Institute of Standards and Technology has updated its 
guidelines for mapping information in government information systems to 
categories that specify the types of security controls the data 
requires.

The Federal Information Security Management Act requires that agencies 
assign levels of risk to information and information systems based on 
the likelihood and impact of exposure, modification or loss, and link 
the level of risk to appropriate security controls. The two-volume 
Special Publication 800-60 Revision 1, "Guide for Mapping Types of 
Information and Information Systems to Security Categories," is a 
revision of guidelines published in 2004.

NIST also released for public comment a draft interagency report with 
test requirements for validating products for the Security Content 
Automation Protocol.

Volume 1 of SP 800-60 Rev. 1 is a reference resource with basic guidance 
for mapping security categories. Not all of the material will be 
relevant to all agencies, NIST said. Volume 2 is a set of appendices 
that include security categorization recommendations and the rationale 
for categorizing various information types.

[...]


__________________________________________________      
Visit Defcon Pics - Defcon Memory Repository 
http://www.defconpics.org