NIST details minimum security controls

Guidelines for setting computer security controls to protect federal information systems are described in a new publication from the National Institute of Standards and Technology. NIST officials said the document forms the basis for security controls that will become mandatory in December 2005. The 88-page publication, known as Special Publication 800-53, spells out the minimum security controls that federal agency officials must use to comply with the statutory requirements of the Federal Information Security Management Act of 2002, which applies to all federal information systems that are not national security systems. The document, which NIST officials released late last month, is the second version of a draft that NIST officials revised after receiving public comments. The latest document, still not considered final, will be available until Nov. 30 for the public to review and submit additional suggestions for revision. NIST officials said they are especially interested in receiving comments about the cost and potential impact that the recommended computer security controls could have on federal agencies. Full Story

OODA Analyst

OODA Analyst

OODA is comprised of a unique team of international experts capable of providing advanced intelligence and analysis, strategy and planning support, risk and threat management, training, decision support, crisis response, and security services to global corporations and governments.