New NIST pub can help IT managers assess security controls

July 10, 2008

A new publication released by the National Institute of Standards and Technology (NIST) on June 30 can help information system managers negotiate the often complex process of assessing security controls in their information systems. Although designed specifically to meet the needs of federal IT managers who must satisfy government requirements called for in the 2002 Federal Information Security Management Act (FISMA), the new guide can be useful to IT professionals across the industry.

The document, Special Publication 800-53A, Guide for Assessing the Security Controls in Federal Information Systems, is designed to assist managers in assessing the effectiveness of the security controls called for in NIST Special Publication 800-53, Recommended Security Controls for Federal Information Systems. SP 800-53 is one of the core documents supporting the Risk Management Framework that was developed for federal agencies by NIST as part of its FISMA responsibilities. SP 800-53 specifies a flexible and extensible process for selecting security controls for federal information systems in accordance with the mission and business functions being carried out by federal agencies.

The assessment procedures provided in SP 800-53A close the loop by defining a disciplined and structured process for determining if the security controls in federal information systems are implemented correctly, operating as intended, and producing the desired outcome with respect to meeting organizational security policies.

"When security controls are less than fully effective," says Ron Ross, project leader, FISMA Implementation Project, "information system vulnerabilities can be exploited by adversaries to compromise the confidentiality, integrity and availability of information processed, stored and transmitted by the system."

For simplicity and ease of use, SP 800-53A lists the security controls from SP 800-53 together with the assessment procedures for those controls.

SP 800-53A authors developed additional tools and techniques for implementing the assessment procedures in SP 800-53A that will be available on the NIST Web site after July 25. NIST, working with security control assessors from the Departments of Energy, Justice and Transportation and the intelligence community, generated a suite of assessment cases based on SP 800-53A procedures. The cases provide additional assessor-related information that can be used for more consistent and cost-effective security control assessments.

SP 800-53A can be found at http://csrc.nist.gov/publications/PubsSPs.html#800-53A. After July 25, the assessor case studies will be at http://csrc.nist.gov/sec-cert.

National Institute of Standards and Technology (NIST)
