FISMA and NIST - PowerPoint PPT Presentation


Transcript and Presenter's Notes

1
FISMA and NIST
  • Marianne Swanson
  • Computer Security Division
  • National Institute of Standards and Technology

2
FISMA Tasks for NIST
  • Standards to be used by Federal agencies to
    categorize information and information systems
    based on the objectives of providing appropriate
    levels of information security according to a
    range of risk levels
  • Guidelines recommending the types of information
    and information systems to be included in each
    category
  • Minimum information security requirements
    (management, operational, and technical security
    controls) for information and information systems
    in each such category

3
Categorization Standards: NIST FISMA Requirement 1
  • Develop standards to be used by Federal agencies
    to categorize information and information systems
    based on the objectives of providing appropriate
    levels of information security according to a
    range of risk levels
  • Draft of Federal Information Processing Standards
    (FIPS) Publication 199, Standards for Security
    Categorization of Federal Information and
    Information Systems
  • Final publication no later than (NLT) December 2003

4
Mapping Guidelines: NIST FISMA Requirement 2
  • Develop guidelines recommending the types of
    information and information systems to be
    included in each category described in FIPS 199
  • Special Publication 800-60, Guide for Mapping
    Types of Federal Information and Information
    Systems to Security Categories
  • Workshop on July 31, 2003
  • First Draft available for review
  • Workshop on February 26-27, 2004
  • Final Publication NLT June 2004

5
Minimum Security Requirements: NIST FISMA Requirement 3
  • Develop minimum information security requirements
    (i.e., management, operational, and technical
    security controls) for information and
    information systems in each such category
  • Planning underway by NIST to develop Federal
    Information Processing Standards (FIPS)
    Publication 200, Minimum Security Controls for
    Federal Information and Information Systems
  • Final Publication NLT December 2005
  • NIST Special Publication 800-53, Minimum
    Security Controls for Federal Information and
    Information Systems, projected for final
    publication in June 2004, will provide interim
    guidance until completion and adoption of FIPS
    200.

6
NIST Special Publication 800-53A
  • Guide for Verifying the Effectiveness of Security
    Controls in Federal Information Systems
  • Verification techniques that correlate to the
    security controls in SP 800-53 (FIPS 200)
  • Projected first draft Spring 2004

7
NIST Special Publication 800-37
  • Guide for the Security Certification and
    Accreditation of Federal Information Systems

8
National Policy
  • Office of Management and Budget Circular A-130,
    Management of Federal Information Resources,
    requires federal agencies to:
  • Plan for security
  • Ensure that appropriate officials are assigned
    security responsibility
  • Authorize system processing prior to operations
    and periodically, thereafter

9
The Big Picture
Information Security Program
10
Contact Information
  • 100 Bureau Drive, Mailstop 8930
  • Gaithersburg, MD USA 20899-8930
  • Program Manager: Dr. Ron S. Ross, (301) 975-5390, rross@nist.gov
  • Assessment Scheme: Arnold Johnson, (301) 975-3247, arnold.johnson@nist.gov
  • Special Publications: Marianne Swanson, (301) 975-3293, marianne.swanson@nist.gov
  • Organization Accreditations: Patricia Toth, (301) 975-5140, patricia.toth@nist.gov
  • Govt and Industry Outreach: Dr. Stu Katzke, (301) 975-4768, skatzke@nist.gov
  • Technical Advisor: Gary Stoneburner, (301) 975-5394, gary.stoneburner@nist.gov
  • Comments to sec-cert@nist.gov
  • World Wide Web: http://csrc.nist.gov/sec-cert