[ISN] NIST invites comment on draft standard

From: InfoSec News (isn@private)
Date: Tue Jul 19 2005 - 01:49:27 PDT

Previous message: InfoSec News: "[ISN] Cost of US cyber attacks plummets"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

http://www.fcw.com/article89611-07-18-05-Web

By Florence Olsen
July 18, 2005 

Computer scientists at the National Institute of Standards and
Technology have released draft versions of two documents that they
consider to be among the most important in a recent series of NIST
documents on information security.

One is a small publication describing minimum security requirements
that will become mandatory after the Commerce Department secretary
signs the document, as he is expected to do at the end of this year.  
That document is "Draft Federal Information Processing Standard (FIPS)  
Publication 200: Minimum Security Requirements for Federal Information
and Information Systems." [1]

A second document, "Draft Special Publication 800-53A: Guide for
Assessing the Security Controls in Federal Information Systems," [2]
is a 152-page guide to developing a cost-effective information
security program based an agency's assessment of its risks.

Both documents are meant to help federal agencies secure their
information systems and comply with the Federal Information Security
Management Act (FISMA) of 2002, NIST officials said.

"We have attempted to provide a security standard that establishes a
level of security due diligence for federal agencies in protecting
their information and information systems," Ron Ross, project leader
for NIST's FISMA Implementation Project, writes in the introduction to
"FIPS Publication 200."

NIST will accept comments on "Draft Special Publication 800-53A" until
5 p.m. EDT Aug. 31 at sec-cert@private Comments on "Draft FIPS
Publication 200" will be accepted until 5 p.m. EDT Sept. 13 at
draftfips200.nist.gov.

[1] http://csrc.nist.gov/publications/drafts/FIPS-200-ipd-07-13-2005.pdf
[2] http://csrc.nist.gov/publications/drafts/sp800-53A-ipd.pdf



_________________________________________
Attend the Black Hat Briefings and
Training, Las Vegas July 23-28 - 
2,000+ international security experts, 
10 tracks, no vendor pitches.
www.blackhat.com

Previous message: InfoSec News: "[ISN] Cost of US cyber attacks plummets"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.3 : Tue Jul 19 2005 - 02:00:45 PDT