
NIST details minimum security controls
- From: Educational CyberPlayGround <admin@xxxxxxxxxxxxxxx>
- To: NetworkNewsletters@xxxxxxxxxxxxx
- Date: Thu, 14 Oct 2004 09:00:00 -0400
*************************************************************
Educational CyberPlayGround http://www.edu-cyberpg.com/
Network Newsletters Mailing List
**************************************************************
http://www.fcw.com/fcw/articles/2004/1011/web-nist-10-11-04.asp
By Florence Olsen
Oct. 11, 2004

Guidelines for setting computer security controls to protect federal
information systems are described in a new publication from the
National Institute of Standards and Technology. NIST officials said
the document forms the basis for security controls that will become
mandatory in December 2005.

The 88-page publication, known as Special Publication 800-53 [1],
spells out the minimum security controls that federal agency officials
must use to comply with the statutory requirements of the Federal
Information Security Management Act of 2002, which applies to all
federal information systems that are not national security systems.

The document, which NIST officials released late last month, is the
second version of a draft that NIST officials revised after receiving
public comments.

The latest document, still not considered final, will be available
until Nov. 30 for the public to review and submit additional
suggestions for revision. NIST officials said they are especially
interested in receiving comments about the cost and potential impact
that the recommended computer security controls could have on federal
agencies.

The document describes not only technical controls, such as
intrusion-detection tools, but also a multitude of recommended
management and operational controls for safeguarding the
confidentiality, integrity and availability of federal information and
the systems that provide that information.

Recommended controls vary, depending on the importance of a particular
information system to an agency's mission. But the list is extensive
and includes 17 categories of security controls. Among them are access
and audit controls, configuration management, user identification and
authentication, and media protection.

The guidelines suggest that minimum security controls required for
broad classes of information systems, whether they are classified as
high, moderate or low-risk, can be centrally managed and the costs
amortized across multiple systems.

[1] http://csrc.nist.gov/publications/drafts/SP800-53-Draft2nd.pdf