Skip to main content
U.S. flag

An official website of the United States government

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

Assessing Federal and Commercial Information Security Needs (IT)



David F. Ferraiolo, D M. Gilbert, N Lynch


In a cooperative effort with government and industry, the National Institute of Standards and Technology (NIST) conducted a study to assess the current and future information technology (IT) security needs of the commercial, civil, and military sectors. The primary objectives of the study were to: a) determine a basic set of information protection policies and control objectives that pertain to the secure processing needs of organizations within all sectors; and b) identify protection requirements and technical approaches that are used, desired or sought so they can be considered for future federal standards and guidelines. The findings of this study address the basic security needs of IT product users, including system developers, end users, administrators, and evaluators. Security needs have been identified based on actual existing and well-understood security organizational practices.
NIST Interagency/Internal Report (NISTIR) - 4976
Report Number


Ferraiolo, D. , Gilbert, D. and Lynch, N. (1992), Assessing Federal and Commercial Information Security Needs (IT), NIST Interagency/Internal Report (NISTIR), National Institute of Standards and Technology, Gaithersburg, MD (Accessed April 14, 2024)
Created November 1, 1992, Updated February 19, 2017