NIST sets FISMA Standards For Federal IT Systems

    Date17 Mar 2006
    Posted ByBrittany Day
    The National Institute of Standards and Technology has released the final standard for securing agency computer systems under the Federal Information Security Management Act. Federal Information Processing Standard 200 [1] sets minimum security requirements for federal systems in 17 security areas. It is the third of three publications required from NIST under FISMA, which requires executive branch agencies to establish consistent, manageable IT security programs for non-national security systems. The intent of FISMA is to implement risk-based processes for selecting and implementing security controls.

    FIPS 199 [2], released two years ago, establishes standards for categorizing IT systems as low, moderate or high-impact, depending on the effect of a breach of confidentiality, integrity or availability of the system. Special Publication 800-53 [3] - "Recommended Security Controls for Federal Information Systems", lays out the tools to be used under FIPS 200 to secure IT systems. Agencies must be in compliance with FIPS 200 by March 2007.

    You are not authorised to post comments.

    LinuxSecurity Poll

    Has your email account ever been pwned in a data breach?

    No answer selected. Please try again.
    Please select either existing option or enter your own, however not both.
    Please select minimum 0 answer(s) and maximum 2 answer(s).

    We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.