NIST issues draft federal information security standards

The National Institute of Standards and Technology (NIST) has issued an initial draft of recommended security controls for federal information systems and is seeking public comments for the next three months.

The controls outlined in the document will be published in the fall of 2005 and will be mandatory for all systems at civilian federal agencies, except those designated for national security.

NIST is advising private-sector organizations that operate components of critical infrastructure to review the draft.

The guidelines, once modified from agency and public comments, will be the basis for NIST's Federal Information Processing Standard. A 2002 information security law requires NIST to develop that standard.