http://www.gcn.com/online/vol1_no1/46877-1.html

By William Jackson
GCN.com
08/14/08

The National Institute of Standards and Technology has updated its guidelines for mapping information in government information systems to categories that specify the types of security controls the data requires.

The Federal Information Security Management Act requires that agencies assign levels of risk to information and information systems based on the likelihood and impact of exposure, modification or loss, and link the level of risk to appropriate security controls. The two-volume Special Publication 800-60 Revision 1, "Guide for Mapping Types of Information and Information Systems to Security Categories," is a revision of guidelines published in 2004.

NIST also released for public comment a draft interagency report with test requirements for validating products for the Security Content Automation Protocol.

Volume 1 of SP 800-60 Rev. 1 is a reference resource with basic guidance for mapping security categories. Not all of the material will be relevant to all agencies, NIST said. Volume 2 is a set of appendices that include security categorization recommendations and the rationale for categorizing various information types.

[...]

Received on Fri Aug 15 2008 - 00:05:56 PDT