1 / 9

FISMA and NIST

FISMA Tasks for NIST. Standards to be used by Federal agencies to categorize information and information systems based on the objectives of providing appropriate levels of information security according to a range of risk levelsGuidelines recommending the types of information and information system

nevin
Download Presentation

FISMA and NIST

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

    1. FISMA and NIST Marianne Swanson Computer Security Division

    2. FISMA Tasks for NIST Standards to be used by Federal agencies to categorize information and information systems based on the objectives of providing appropriate levels of information security according to a range of risk levels Guidelines recommending the types of information and information systems to be included in each category Minimum information security requirements (management, operational, and technical security controls) for information and information systems in each such category

    3. Categorization Standards NIST FISMA Requirement #1 Develop standards to be used by Federal agencies to categorize information and information systems based on the objectives of providing appropriate levels of information security according to a range of risk levels— Draft of Federal Information Processing Standards (FIPS) Publication 199, “Standards for Security Categorization of Federal Information and Information Systems” Final Publication NLT December 2003

    4. Mapping Guidelines NIST FISMA Requirement #2 Develop guidelines recommending the types of information and information systems to be included in each category described in FIPS 199 Special Publication 800-60, “Guide for Mapping Types of Federal Information and Information Systems to Security Categories” Workshop on July 31, 2003 First Draft available for review Workshop on February 26 – 27, 2004 Final Publication NLT June 2004

    5. Minimum Security Requirements NIST FISMA Requirement #3 Develop minimum information security requirements (i.e., management, operational, and technical security controls) for information and information systems in each such category— Planning underway by NIST to develop: Federal Information Processing Standards (FIPS) Publication 200, “Minimum Security Controls for Federal Information and Information Systems”* Final Publication NLT December 2005 * NIST Special Publication 800-53, “Minimum Security Controls for Federal Information and Information Systems”, projected for final publication in June 2004, will provide interim guidance until completion and adoption of FIPS 200.

    6. NIST Special Publication 800-53A Guide for Verifying the Effectiveness of Security Controls in Federal Information Systems Verification techniques that correlate to the security controls in SP 800-53 (FIPS 200) Projected first draft – Spring 2004

    7. NIST Special Publication 800-37 Guide for the Security Certification and Accreditation of Federal Information Systems

    8. National Policy Office of Management and Budget Circular A-130, Management of Federal Information Resources requires federal agencies to: Plan for security Ensure that appropriate officials are assigned security responsibility Authorize system processing prior to operations and periodically, thereafter

    9. The Big Picture

    10. Contact Information 100 Bureau Drive Mailstop 8930 Gaithersburg, MD USA 20899-8930 Program Manager Assessment Scheme Dr. Ron S. Ross Arnold Johnson (301) 975-5390 (301) 975-3247 rross@nist.gov arnold.johnson@nist.gov Special Publications Organization Accreditations Marianne Swanson Patricia Toth (301) 975-3293 (301) 975-5140 marianne.swanson@nist.gov patricia.toth@nist.gov Gov’t and Industry Outreach Technical Advisor Dr. Stu Katzke Gary Stoneburner (301) 975-4768 (301) 975-5394 skatzke@nist.gov gary.stoneburner@nist.gov Comments to: sec-cert@nist.gov World Wide Web: http://csrc.nist.gov/sec-cert

More Related