Ross, R.
and Toth, P.
(2004),
Understanding the NIST Standards and Guidelines Required by FISMA: How Three Mandated Documents are Changing the Dynamic of Information Security for the Federal Government, ITL Bulletin, National Institute of Standards and Technology, Gaithersburg, MD, [online], https://tsapps.nist.gov/publication/get_pdf.cfm?pub_id=150234
(Accessed October 22, 2025)
Official websites use .gov
A .gov website belongs to an official government organization in the United States.
Secure .gov websites use HTTPS
A lock (
) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.
Understanding the NIST Standards and Guidelines Required by FISMA: How Three Mandated Documents are Changing the Dynamic of Information Security for the Federal Government
Published
Author(s)
,
Abstract
This bulletin summarizes an article entitled "Understanding the New FISMA-Required NIST Standards and Guidelines" by Ron S. Ross, PhD. It highlights FIPS 199, "Standards for Security Categorization of Federal Information and Information Systems," which is NIST's flagship standard in support of the Federal Information Security Management Act (FISMA) of 2002. Users are provided with a high-level overview of how risk management principles can be applied to both new and legacy information systems within the System Development Life Cycle (SDLC).Citation
ITL Bulletin -
NIST Pub Series
Pub Type
NIST Pubs
Download Paper
Keywords
Federal Information Processing Standards, Federal Information Security Management Act, FISMA, information security, information system security, minimum security requirements, risk management, Risk Management Framework, SDLC, security categorization, security controls, System Development Life Cycle
Citation
Issues
If you have any questions about this publication or are having problems accessing it, please contact [email protected].
Created November 1, 2004, Updated February 19, 2017