After a public comment period, the National Institute of
Standards and Technology (NIST) has published an updated set of
guidelines for developing security assessment plans and associated
security control assessment procedures that are consistent with the
Federal Information Security Management Act (FISMA).

The revised Guide for Assessing Security Controls in Federal
Information Systems and Organizations (NIST Special Publication
800-53A, Revision 1) reflects the most recent, third revision of
Recommended Security Controls for Federal Information Systems and
Organizations (NIST Special Publication 800-53, Revision 3), one of the
principal documents for FISMA implementation. Changes in the guide are
part of a larger strategic initiative to focus on enterprise-wide, near
real-time risk management. The guideline includes security control
assessment procedures for both national security and non-national
security systems and is intended to support a variety of assessment
activities in all phases of the system development life cycle, including
development, implementation and operation.

This new publication is the third in a series of special publications
that NIST has produced with its partners in the Joint Task Force
Transformation Initiative Working Group—the Office of the Director of
National Intelligence (ODNI), the Department of Defense (DOD) and the
Committee on National Security Systems (CNSS). The Joint Task Force's
goal is to develop a unified information security framework for the
federal government and its contractors.

More details are available in the May 11, 2010, NIST Tech Beat
article "Comments Sought on Updated Guide for Assessing Federal IT
Security Controls" at http://www.nist.gov/public_affairs/techbeat/tb2010_0511.htm#security.

SP 800-53A, Revision 1, can be downloaded in PDF format from http://csrc.nist.gov/publications/nistpubs/800-53A-rev1/sp800-53A-rev1-final.pdf.

Media Contact: Evelyn Brown, email@example.com,