By Florence Olsen
July 18, 2005
Computer scientists at the National Institute of Standards and
Technology have released draft versions of two documents that they
consider to be among the most important in a recent series of NIST
documents on information security.
One is a small publication describing minimum security requirements
that will become mandatory after the Commerce Department secretary
signs the document, as he is expected to do at the end of this year.
That document is "Draft Federal Information Processing Standard (FIPS)
Publication 200: Minimum Security Requirements for Federal Information
and Information Systems." 
A second document, "Draft Special Publication 800-53A: Guide for
Assessing the Security Controls in Federal Information Systems," 
is a 152-page guide to developing a cost-effective information
security program based an agency's assessment of its risks.
Both documents are meant to help federal agencies secure their
information systems and comply with the Federal Information Security
Management Act (FISMA) of 2002, NIST officials said.
"We have attempted to provide a security standard that establishes a
level of security due diligence for federal agencies in protecting
their information and information systems," Ron Ross, project leader
for NIST's FISMA Implementation Project, writes in the introduction to
"FIPS Publication 200."
NIST will accept comments on "Draft Special Publication 800-53A" until
5 p.m. EDT Aug. 31 at firstname.lastname@example.org. Comments on "Draft FIPS
Publication 200" will be accepted until 5 p.m. EDT Sept. 13 at
Attend the Black Hat Briefings and
Training, Las Vegas July 23-28 -
2,000+ international security experts,
10 tracks, no vendor pitches.