Information Security News mailing list archives

NIST releases draft security standard


From: InfoSec News <isn () c4i org>
Date: Mon, 19 May 2003 01:36:23 -0500 (CDT)

http://www.fcw.com/fcw/articles/2003/0512/web-nist-05-16-03.asp

By Diane Frank 
May 16, 2003

The National Institute of Standards and Technology's Computer Security 
Division today released the draft of a new Federal Information 
Processing Standard, FIPS 199, which dictates how agencies should 
categorize their systems based on the security risk faced by each.

The standard is the first step in several requirements generated by 
NIST under the Federal Information Security Management Act (FISMA) of 
2002, all aimed at setting minimum security requirements for all 
government systems not related to national security.

The draft outlines three categories of risk, which are based on the 
potential impact of a breach in three areas: the confidentiality, 
integrity and availability of the information in the system.

NIST chose to focus on impact because every federal system faces some 
level of threat, and that threat changes every day, said Ed Roback, 
chief of the NIST Computer Security Division. Therefore, the most 
prudent path to follow is to base categorization on the potential harm 
to the agency and to the people whose information is stored in the 
system, he said.

Comments on the draft are due within 90 days, and can be submitted to 
fips.comments () nist gov.

The next steps for NIST will be to issue guidance on how different 
types of information -- such as medical, judicial and geospatial -- 
align with the three categories, and to then set guidance for the 
minimum security steps to be taken based on the categories, Roback 
said.

-=- 
 
Draft FIPS 199: Standards for Security Categorization of Federal 
Information and Information Systems (PDF)
http://csrc.nist.gov/publications/drafts/FIPS-PUB-199-ipd.pdf


FISMA (PDF)
http://csrc.nist.gov/policies/HR2458-final.pdf


NIST Computer Security Resource Center 
http://csrc.nist.gov/



-
ISN is currently hosted by Attrition.org
