NIST Logo and ITL Banner Link to the NIST Homepage Link to the ITL Homepage Link to the NIST Homepage
Search CSRC:

Federal Agency Security Practices (FASP)

Welcome to the Federal Agency Security Practices (FASP) web site. The FASP effort was initiated as a result of the success of the Federal CIO Council's Federal Best Security Practices (BSP) pilot effort to identify, evaluate, and disseminate best practices for CIP and security. NIST's Computer Security Division was asked to undertake the transition of this pilot effort to an operational program. As a result, NIST developed this web site.

The FASP web site contains information on:

  • Agency Policies and Procedures
  • Public / Private / Academia Practices
  • Helpful Resources - CIO Pilot BSPs, Implementation Guides, FASP Contacts
  • List of Frequently Asked Questions

Submit A FASP

Agencies are encouraged to share their information technology (IT) security information and IT security practices and submit them for posting on the FASP site. Any information on position descriptions for security positions and statements of work for contracting security-related activities are also encouraged. Procedures for submission of FASPs can be found on the Submit FASP page.

Federal Computer Security Program Managers' Forum

With the support of the Federal Computer Security Program Managers' Forum, NIST offer this information sharing and collaborative endeavor as an educational resource for Federal security professionals. We solicit your participation and welcome your comments and suggestions.

Visit the Forum


NIST has designed this web site primarily as an educational resource for Federal security professionals. NIST makes no claim that use of the security practices will assure a successful outcome. Each Federal security professional should apply his or her own professional judgment when using a security practice.

Any mention of commercial products or reference to commercial organizations is for information only; it does not imply recommendation or endorsement by NIST nor does it imply that the products mentioned are necessarily the best available for the purpose.