ITL Bulletin: Understanding the New NIST Standards and Guidelines Required by FISMA; How Three Mandated Documents are Changing the Dynamic of Information Security for the Federal Government [November 2004]

This document is the Information Technology Laboratory (ITL) Bulletin for November 2004 from the National Institute of Standards and Technology (NIST). From the Introduction: "The Federal Information Security Management Act (FISMA) of 2002 places significant requirements on federal agencies, including the National Institute of Standards and Technology (NIST), for the protection of information and information systems. In response to this important legislation, NIST is leading the development of key information system security standards and guidelines as part of its FISMA Implementation Project. This high-priority project includes the development of security categorization standards, standards and guidelines for the specification, selection, and testing of security controls for information systems. The flagship standard among those being developed by NIST is Federal Information Processing Standards (FIPS) 199, 'Standards for Security Categorization of Federal Information and Information Systems', published in February 2004. This mandatory standard, applicable to non-national security systems as defined by FISMA, introduces some significant changes in how the U.S. Government protects its information and information systems, including those systems that comprise the nation's critical infrastructure."

