Draft Guidelines Released for IT Security Controls
For Immediate Release: July 26, 2005
Contact: Michael Baum
To help federal agencies comply with the Federal Information Security Management Act (FISMA) of 2002, the National Institute of Standards and Technology (NIST) issued Special Publication 800-53, Recommended Security Controls for Federal Information Systems, in February 2005. NIST SP 800-53 provides guidance on selecting security controls for information systems in key areas such as risk assessment, contingency planning, and identification and authentication. A companion document, NIST SP 800-53A, Guide for Assessing the Security Controls in Federal Information Systems, has been drafted to help agencies take the next step: assessing the effectiveness of security controls once they are in place. NIST invites public comments on this draft guideline until 5 p.m. Eastern Daylight Time on Aug. 31, 2005. NIST SP 800-53A, and instructions on how to submit comments on it, may be found at http://csrc.nist.gov/publications/drafts.html.