Resources for Federal Information Security Management Act (FISMA)

NIST readies guidance on IT security assessments

www.gcn.com

The National Institute of Standards and Technology has finished the third and possibly final draft of its revised guidelines for assessing the adequacy of IT security. Special Publication 800-53A, Guide for Assessing the Security Controls in Federal Information Systems, will be released for comment June 4.NIST is charged under the Federal Information Security Management Act with developing standards and guidance for implementing IT security programs. SP 800-53 is part of a series of documents developed for selecting the proper level and types of IT security controls. The core of the series is Federal Information Processing Standard 200, which establishes minimum security requirements under FISMA. Once those requirements have been established, agencies select the appropriate set of controls from NIST SP 800-53, Recommended Security Controls for Federal Information Systems. SP 800-53A is an addendum that sets out the framework for conducting mandatory assessments of security controls required under FISMA.

View the Resource

Share or bookmarklet this web page at: