Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

isn logo Information Security News mailing list archives

NIST invites comment on draft standard
From: InfoSec News <isn () c4i org>
Date: Tue, 19 Jul 2005 03:49:27 -0500 (CDT)
http://www.fcw.com/article89611-07-18-05-Web

By Florence Olsen
July 18, 2005 

Computer scientists at the National Institute of Standards and
Technology have released draft versions of two documents that they
consider to be among the most important in a recent series of NIST
documents on information security.

One is a small publication describing minimum security requirements
that will become mandatory after the Commerce Department secretary
signs the document, as he is expected to do at the end of this year.  
That document is "Draft Federal Information Processing Standard (FIPS)  
Publication 200: Minimum Security Requirements for Federal Information
and Information Systems." [1]

A second document, "Draft Special Publication 800-53A: Guide for
Assessing the Security Controls in Federal Information Systems," [2]
is a 152-page guide to developing a cost-effective information
security program based an agency's assessment of its risks.

Both documents are meant to help federal agencies secure their
information systems and comply with the Federal Information Security
Management Act (FISMA) of 2002, NIST officials said.

"We have attempted to provide a security standard that establishes a
level of security due diligence for federal agencies in protecting
their information and information systems," Ron Ross, project leader
for NIST's FISMA Implementation Project, writes in the introduction to
"FIPS Publication 200."

NIST will accept comments on "Draft Special Publication 800-53A" until
5 p.m. EDT Aug. 31 at sec-cert () nist gov  Comments on "Draft FIPS
Publication 200" will be accepted until 5 p.m. EDT Sept. 13 at
draftfips200.nist.gov.

[1] http://csrc.nist.gov/publications/drafts/FIPS-200-ipd-07-13-2005.pdf
[2] http://csrc.nist.gov/publications/drafts/sp800-53A-ipd.pdf



_________________________________________
Attend the Black Hat Briefings and
Training, Las Vegas July 23-28 - 
2,000+ international security experts, 
10 tracks, no vendor pitches.
www.blackhat.com

  By Date           By Thread  

Current thread:
  • NIST invites comment on draft standard InfoSec News (Jul 19)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]