The National Institute of Standards and Technology has released the final standard for securing agency computer systems under the Federal Information Security Management Act. Federal Information Processing Standard 200 [1] sets minimum security requirements for federal systems in 17 security areas. It is the third of three publications required from NIST under FISMA, which requires
executive branch agencies to establish consistent, manageable IT security programs for non-national security systems. The intent of FISMA is to implement risk-based processes for selecting and
implementing security controls.
FIPS 199 [2], released two years ago, establishes standards for categorizing IT systems as low, moderate or high-impact, depending on the effect of a breach of confidentiality, integrity or availability of the system. Special Publication 800-53 [3] - "Recommended Security Controls for Federal Information Systems", lays out the tools to be used under FIPS 200 to secure IT systems. Agencies must be in compliance with FIPS 200 by March 2007.
The link for this article located at Government Computer News is no longer available.