Skip to main content
U.S. flag

An official website of the United States government

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

Guidelines for Identifying an Information System as a National Security System

Published

Author(s)

William C. Barker

Abstract

This document provides guidelines developed in conjunction with the Department of Defense, including the National Security Agency, for identifying an information system as a national security system. The basis for these guidelines is the Federal Information Security Management Act of 2002 (FISMA, Title III, Public Law 107-347, December 17, 2002), which provides government-wide requirements for information security, superseding the Government Information Security Reform Act and the Computer Security Act. In addition to defining the term national security system FISMA amended the NIST Act, at 15 U.SC. 278g-3(b)(3), to require NIST to provide guidelines for identifying an information system as a national security system. As stated in the House Committee report, "This guidance is not to govern such systems, but rather to ensure that agencies receive consistent guidance on the identification of systems that should be governed by national security system requirements" (Report of the Committee on Government Reform, U. S House of Representatives, Report 107-787, November 14, 2002, p. 85). Accordingly, the purpose of these guidelines is not to establish requirements for national security systems, but rather to assist agencies in determining which, if any, of their systems are national security systems as defined by FISMA and are to be governed by applicable requirements for such systems, issued in accordance with law and as directed by the President. The guideline includes definitions of relevant terms, the legal or administrative basis for the definitions, a checklist to be used in determining whether or not a system is a national security system, and guidelines for completion of the checklist.
Citation
Special Publication (NIST SP) - 800-59
Report Number
800-59

Keywords

computer security, national security systems

Citation

Barker, W. (2003), Guidelines for Identifying an Information System as a National Security System, Special Publication (NIST SP), National Institute of Standards and Technology, Gaithersburg, MD, [online], https://tsapps.nist.gov/publication/get_pdf.cfm?pub_id=151282 (Accessed October 3, 2024)

Issues

If you have any questions about this publication or are having problems accessing it, please contact reflib@nist.gov.

Created August 20, 2003, Updated February 19, 2017