RealNews

Feds finalize standards for rating security risk

The Commerce Department has approved a new Federal Information Processing Standard for categorizing security risks to government information and systems. The National Institute of Standards and Technology developed FIPS 199 as required by the Federal Information Security Management Act. FISMA mandates that agencies evaluate and provide security programs for IT. The new standard spells out how agencies will categorize information and systems based on a range of risk levels. It also provides a common framework for discussing security issues. The standard takes effect today and is compulsory for evaluation of unclassified information and for information systems not designated for national security. NIST in May published a draft of FIPS 199 for public comment. During the three-month comment period, the agency received 13 comments from the private sector, 18 from federal organizations and one from the Canadian government. The agency changed several terms in the final document as a result of the comments, NIST officials said. Full Story

OODA Analyst

OODA Analyst

OODA is comprised of a unique team of international experts capable of providing advanced intelligence and analysis, strategy and planning support, risk and threat management, training, decision support, crisis response, and security services to global corporations and governments.