Computer guide may boost security testing efficiency

June 08, 2007

Providing strong security for complex federal information systems is a challenging job. But now there's a new version of a draft guide* for assessing the effectiveness of security of controls in federal information systems from the National Institute of Standards and Technology (NIST) that aims to make the job easier. The content of the new guide is expected to be incorporated into automated tools that support the information security programs of federal agencies.

The 387-page guide is designed to help information system owners and security managers ensure that appropriate computer security controls work as intended to protect information systems from being improperly accessed or compromised. NIST will accept comments on the draft document through July 31, 2007. Comments should be emailed to sec-cert@nist.gov or mailed to NIST at 100 Bureau Dr., M.S. 8930, Gaithersburg, Md. 20899-8930.

The guide is a companion document to NIST Special Publication 800-53, Minimum Security Controls for Federal Information Systems, which spells out the types of security controls such as user authentication, spam protection, cryptography and transmission confidentiality that must be used to protect federal information systems. The Federal Information Security Management Act (FISMA) of 2002 instructs NIST to prepare minimum computer security requirements for all federal information systems other than national security systems.

"The assessment requirements presented in this latest draft are intended to make compliance with FISMA easier, more efficient and ultimately to produce better computer and information security for the federal government," noted NIST's FISMA Implementation Project Leader Ron Ross.

Key changes to the document since the previous draft include: The report includes a comprehensive catalog of assessment procedures matched to specific types of security controls. To download a copy, go to http://csrc.nist.gov/publications/drafts/800-53A/SP-800-53A-tpd-final-sz.pdf.
-end-
* Guide for Assessing the Security Controls in Federal Information Systems: Building Effective Security Assessment Plans, (NIST SP 800-53A), June 2007, pp. 387.

National Institute of Standards and Technology (NIST)

Related Computer Articles from Brightsurf:

UCLA computer scientists set benchmarks to optimize quantum computer performance
Two UCLA computer scientists have shown that existing compilers, which tell quantum computers how to use their circuits to execute quantum programs, inhibit the computers' ability to achieve optimal performance.

Digitize your dog into a computer game
Researchers from CAMERA at the University of Bath have developed motion capture technology that enables you to digitise your dog without a motion capture suit and using only one camera.

Stabilizing brain-computer interfaces
Researchers from Carnegie Mellon University (CMU) and the University of Pittsburgh (Pitt) have published research in Nature Biomedical Engineering that will drastically improve brain-computer interfaces and their ability to remain stabilized during use, greatly reducing or potentially eliminating the need to recalibrate these devices during or between experiments.

Computer-generated genomes
Professor Beat Christen, ETH Zurich to speak in the AAAS 2020 session, 'Synthetic Biology: Digital Design of Living Systems.' Christen will describe how computational algorithms paired with chemical DNA synthesis enable digital manufacturing of biological systems up to the size of entire microbial genomes.

Computer-based weather forecast: New algorithm outperforms mainframe computer systems
The exponential growth in computer processing power seen over the past 60 years may soon come to a halt.

A computer that understands how you feel
Neuroscientists have developed a brain-inspired computer system that can look at an image and determine what emotion it evokes in people.

Computer program looks five minutes into the future
Scientists from the University of Bonn have developed software that can look minutes into the future: The program learns the typical sequence of actions, such as cooking, from video sequences.

Computer redesigns enzyme
University of Groningen biotechnologists used a computational method to redesign aspartase and convert it to a catalyst for asymmetric hydroamination reactions.

Mining for gold with a computer
Engineers from Texas A&M University and Virginia Tech report important new insights into nanoporous gold -- a material with growing applications in several areas, including energy storage and biomedical devices -- all without stepping into a lab.

Teaching quantum physics to a computer
An international collaboration led by ETH physicists has used machine learning to teach a computer how to predict the outcomes of quantum experiments.

Read More: Computer News and Computer Current Events
Brightsurf.com is a participant in the Amazon Services LLC Associates Program, an affiliate advertising program designed to provide a means for sites to earn advertising fees by advertising and linking to Amazon.com.