Request for Comments: NIST Categorization Draft Standards

[Rodney Petersen <rpetersen () EDUCAUSE EDU>]

The Federal Register on Friday contained a notice
(http://a257.g.akamaitech.net/7/257/2422/14mar20010800/edocket.access.gpo.gov/2003/pdf/03-12319.pdf)
whereby NIST is requesting comments on the draft of "Federal Information
Processing Standard 199, Standards for Security Categorization of
Federal Information and Information Systems" available at
http://csrc.nist.gov/publications/drafts/FIPS-PUB-199-ipd.pdf. The draft
was developed in response to tasking to NIST under the Federal
Information Security Management Act of 2002
(http://csrc.nist.gov/policies/HR2458-final.pdf). Comments are due by
August 14, 2003, to fips.comments () nist gov.

Although the "draft standards" concern Federal information systems, it
would behoove the higher education community to participate in the
standards activities of NIST since the resulting Federal standards may
be beneficial to colleges and universities.  Furthermore, the standards
may be imposed upon institutions in the absence of any other models or
authority, potentially in the context of federal contracts and grants.
The NIST standards are increasingly looked to by state government
agencies, auditors, and other authorities who are seeking benchmarks.
You may recall an item in the earlier Draft of the National Strategy to
Secure Cyberspace suggesting that colleges and universities should
consider adopting NIST standards (particularly for self-assessment) or
developing our own.

We would welcome discussion of the Draft NIST standards on this list or
encourage your submission of comments directly to fips.comments () nist gov

Rodney Petersen
Project Director, Security Task Force

**********
Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at 
http://www.educause.edu/memdir/cg/.