[ISN] NIST releases draft security standard

From: InfoSec News (isnat_private)
Date: Sun May 18 2003 - 23:36:23 PDT


    http://www.fcw.com/fcw/articles/2003/0512/web-nist-05-16-03.asp
    
    By Diane Frank 
    May 16, 2003
    
    The National Institute of Standards and Technology's Computer Security 
    Division today released the draft of a new Federal Information 
    Processing Standard, FIPS 199, which dictates how agencies should 
    categorize their systems based on the security risk faced by each.
    
    The standard is the first step in several requirements generated by 
    NIST under the Federal Information Security Management Act (FISMA) of 
    2002, all aimed at setting minimum security requirements for all 
    government systems not related to national security.
    
    The draft outlines three categories of risk, which are based on the 
    potential impact of a breach in three areas: the confidentiality, 
    integrity and availability of the information in the system.
    
    NIST chose to focus on impact because every federal system faces some 
    level of threat, and that threat changes every day, said Ed Roback, 
    chief of the NIST Computer Security Division. Therefore, the most 
    prudent path to follow is to base categorization on the potential harm 
    to the agency and to the people whose information is stored in the 
    system, he said.
    
    Comments on the draft are due within 90 days, and can be submitted to 
    fips.commentsat_private
    
    The next steps for NIST will be to issue guidance on how different 
    types of information -- such as medical, judicial and geospatial -- 
    align with the three categories, and to then set guidance for the 
    minimum security steps to be taken based on the categories, Roback 
    said.
    
    -=- 
     
    Draft FIPS 199: Standards for Security Categorization of Federal 
    Information and Information Systems (PDF)
    http://csrc.nist.gov/publications/drafts/FIPS-PUB-199-ipd.pdf
    
    
    FISMA (PDF)
    http://csrc.nist.gov/policies/HR2458-final.pdf
    
    
    NIST Computer Security Resource Center 
    http://csrc.nist.gov/
    
    
    
    -
    ISN is currently hosted by Attrition.org
    
    


