Saturday, December 29, 2007

NIST Draft - Guide for Assessing the Security Controls in Federal Information Systems

Via Gcn.com -

The National Institute of Standards and Technology has released the final public draft of a framework that will assist agencies in creating the security assessments mandated by the Federal Information Security Management Act (FISMA).

Copies of Draft Special Publication 800-53A, "Guide for Assessing the Security Controls in Federal Information Systems," can be downloaded from the NIST site. NIST expects to publish the final edition in March.

SP 800-53A is an addendum to NIST SP 800-53, "Recommended Security Controls for Federal Information Systems." This addendum establishes a framework for assessing security controls. Both publications are extensions of Federal Information Processing Standard 200, the core document NIST produced to help agencies with FISMA.

This draft incorporates comments from the previous public drafts. Changes include updated assessment procedures, clarification of some chapters and a new set of assessment cases.

The agency is seeking comments until January 31, 2008.

NIST expects this document to be relevant for agency security professionals working as consultants, operational managers, program managers and product developers.
