NIST invites comment on draft standard

Minimum security requirements for information systems will become mandatory once signed by Commerce Department secretary.

NIST Draft Special Publication 800-53A

Computer scientists at the National Institute of Standards and Technology have released draft versions of two documents that they consider to be among the most important in a recent series of NIST documents on information security.

One is a small publication describing minimum security requirements that will become mandatory after the Commerce Department secretary signs the document, as he is expected to do at the end of this year. That document is "Draft Federal Information Processing Standard (FIPS) Publication 200: Minimum Security Requirements for Federal Information and Information Systems."

A second document, "Draft Special Publication 800-53A: Guide for Assessing the Security Controls in Federal Information Systems," is a 152-page guide to developing a cost-effective information security program based an agency’s assessment of its risks.

Both documents are meant to help federal agencies secure their information systems and comply with the Federal Information Security Management Act (FISMA) of 2002, NIST officials said.

“We have attempted to provide a security standard that establishes a level of security due diligence for federal agencies in protecting their information and information systems,” Ron Ross, project leader for NIST’s FISMA Implementation Project, writes in the introduction to "FIPS Publication 200."

NIST will accept comments on "Draft Special Publication 800-53A" until 5 p.m. EDT Aug. 31 at sec-cert@nist.gov. Comments on "Draft FIPS Publication 200" will be accepted until 5 p.m. EDT Sept. 13 at draftfips200.nist.gov.