U.S. Commerce Secretary Donald L. Evans today announced a new standard
to help federal agencies better protect their computer networks.
The standard provides a new way to categorize government information
and information systems.

“Protecting our government networks remains a critical priority for this
administration,” said Evans. “This new standard
will help agencies better handle security threats by providing
better information and guidance to federal agencies so they
can make sound decisions.”

Computer security specialists at the Commerce Department’s National
Institute of Standards and Technology (NIST) developed the
standard following passage of the Federal Information Security
Management Act (FISMA) of 2002. Federal Information Processing
Standard (FIPS) 199, Standards for the Security Categorization of
Federal Information and Information Systems, introduces
significant changes in how the federal government protects
information and the computerized networks that store information.

The standard includes criteria to be used by civilian agencies in
categorizing information and information systems, providing appropriate
levels of security according to a range of impact levels.
Under the standard, civilian agencies will assess the potential
impact on their missions that would result from a security
breach due to loss of confidentiality (unauthorized disclosure
of information), integrity (unauthorized modification of information)
or availability (denial of service).

The mandatory standard will be a critical component of an agency’s
risk management program. As required by FISMA, NIST also is
developing a companion standard that will specify minimum security
requirements for all federal information systems. A draft
of that standard was published by NIST in 2003 for public
comment. Together, these two standards will help ensure that
appropriate, cost-effective security measures are put in place
for each federal information system. NIST also has produced
a variety of computer security guidelines that may be used
in conjunction with the new standard.

The standard applies to federal non-national security systems.
Classified systems use other standards.

A copy of the standard is available at http://csrc.nist.gov.

As a non-regulatory agency of the U.S. Department of Commerce’s
Technology Administration, NIST develops and promotes measurement,
standards and technology to enhance productivity, facilitate
trade and improve the quality of life.