Draft Guidelines Released for IT Security Controls

To help federal agencies comply with the Federal Information Security Management Act (FISMA) of 2002, the National Institute of Standards and Technology (NIST) issued Special Publication 800-53, Recommended Security Controls for Federal Information Systems, in February 2005. NIST SP 800-53 provides guidance on selecting security controls for information systems in key areas such as risk assessment, contingency planning, and identification and authentication. A companion document, NIST SP 800-53A, Guide for Assessing the Security Controls in Federal Information Systems, has been drafted to help agencies take the next step: assessing the effectiveness of security controls once they are in place. NIST invites public comments on this draft guideline until 5 p.m. Eastern Daylight Time on Aug. 31, 2005. NIST SP 800-53A, and instructions on how to submit comments on it, may be found at http://csrc.nist.gov/publications/drafts.html.