NIST issues computer security guidelines for federal agencies

The National Institute of Standards and Technology has issued the first in a series of standards and guidelines designed to help federal agencies implement a 2002 law mandating greater government computer security.

Released on Feb. 10, the standard is used to calculate the impact of a loss of integrity, confidentiality or availability of agency computer systems and data.

"This starts the whole process," said Stu Katzke, a scientist with NIST's computer-security division, adding that agencies previously had to choose their own guidelines to establish security needs.

Standards on security certification and accreditation for federal systems are expected to be finalized later this spring.

Guidance on categorizing secure systems is expected in August and on actual security controls in December.