The New FISMA Standards and Guidelines---Changing the Dynamic of Information Security for the Federal Government
Ronald S. Ross
This manuscript describes the new Federal Information Security Management Act (FISMA) standards and guidelines being produced by the Computer Security Division at the National Institute of Standards and Technology in response to recent Congressional legislation. The flagship security standard in the suite of seven publications, Federal Information Processing Standard (FIPS) Publication 199, provides an approach for categorizing Federal information and information systems according to the potential impact on agency operations (including mission, functions, image, or reputation), agency assets, or individuals should there be a breach in security resulting in the loss of confidentiality, integrity, or availability. Security categorization facilitates the selection of appropriate security controls for Federal information systems in order to adequately protect those systems from serious and ongoing threats. The FISMA-related security standards and guidelines are intended to help Federal agencies build, implement, operate, and maintain more secure information systems, including those systems that support and are a part of the critical infrastructure of the United States.
IEEE Journal for Security and Privacy
(Accessed February 27, 2024)