The National Institute of Standards and Technology recently released a draft of the last piece of guidance for agencies to determine the proper level of security on information systems. Released late last week by NIST’s Computer Security Division, “Special Publication 800-60: Guide for Mapping Types of Information and Information Systems to Security Categories” provides the middle step for guidance and standards required under the Federal Information Security Management Act (FISMA) of 2002. NIST’s categories of security impact are based on draft Federal Information Processing Standard (FIPS) 199, which the division released in September. The goal of the guidance is to have agencies assign impact levels without considering potential security controls and countermeasures, but in October, NIST released another draft guide outlining minimum-security controls for each category.