
February 22, 2000

MEMORANDUM FOR THE HEADS OF DEPARTMENTS AND AGENCIES

FROM: John Podesta, Chief of Staff
SUBJECT: Security of Federal Information Systems

In light of recent events regarding the security of government web sites, I want to remind you that each agency is required to maintain adequate security of all information systems -- especially those that are publicly accessible.  The importance of this cannot be overstated.

The Chief Information Officers Council, the National Institute of Standards and Technology (NIST) and the General Services Administration (GSA) are working together to assist you in improving computer security and critical infrastructure protection.  They are developing performance measures to assess computer security programs, compiling sample policies and best practices to share across government, and developing ways to facilitate the timely installation of security patches for known vulnerabilities.

Technical and operational security guidance is available to protect your web sites and computer systems.  Please ensure that your staff is following the guidance from NIST and GSA's Federal Computer Incident Response Capability which may be found on their respective websites -- http://csrc.nist.gov and http://www.fedcirc.gov.

All agency security practices should be consistent with NIST/GSA guidance and with the security policies issued by the Office of Management and Budget.  In addition, the security practices for your national security systems should comport with applicable guidance for those systems.  Thank you.

 

Last updated: December 27, 2001
Page created: February 23, 2001

NIST is an Agency of the U.S. Commerce Department's
Technology Administration