NIST issues computer security guidelines for federal agencies
- February 19, 2004
Released on Feb. 10, the standard is used to calculate the impact of a loss of integrity, confidentiality or availability of agency computer systems and data.
"This starts the whole process," said Stu Katzke, a scientist with NIST's computer-security division, adding that agencies previously had to choose their own guidelines to establish security needs.
Standards on security certification and accreditation for federal systems are expected to be finalized later this spring.
Guidance on categorizing secure systems is expected in August and on actual security controls in December.