go to NIST home page go to Division/CSRC home page go to Focus Areas page go to Publications page go to Advisories page go to Events page go to Site Map page go to ITL home pageCSRC and computer security division home page link
header image with links



List of Acroynms

Cryptographic Standards
      & Applications
 - AES
 - Cryptographic Toolkit
 - PKI
 - RNG

Security Testing
 - IPSec

Security Research &
      Emerging Technology


 - NVD Database
 - IPSec

Security Management
     & Guidance

 - Policies
 - Security Guidance

Outreach, Awareness
      & Education

 - Awareness, Training
     & Education

 - Regional Security
    Awareness Meetings
 - Archive of NISSC

    News & Events  
 - Federal News
 - Events

    Services For the:  
 - Federal Community
 - Vendor
 - User

    Links & Organizations  
 - Academic
 - Government
 - Professional
 - Additional Links

    General Information
 - Virus Information

  Search CSRC

February 22, 2000


FROM: John Podesta, Chief of Staff
SUBJECT: Security of Federal Information Systems

In light of recent events regarding the security of government web sites, I want to remind you that each agency is required to maintain adequate security of all information systems -- especially those that are publicly accessible.  The importance of this cannot be overstated.

The Chief Information Officers Council, the National Institute of Standards and Technology (NIST) and the General Services Administration (GSA) are working together to assist you in improving computer security and critical infrastructure protection.  They are developing performance measures to assess computer security programs, compiling sample policies and best practices to share across government, and developing ways to facilitate the timely installation of security patches for known vulnerabilities.

Technical and operational security guidance is available to protect your web sites and computer systems.  Please ensure that your staff is following the guidance from NIST and GSA's Federal Computer Incident Response Capability which may be found on their respective websites -- http://csrc.nist.gov and http://www.fedcirc.gov.

All agency security practices should be consistent with NIST/GSA guidance and with the security policies issued by the Office of Management and Budget.  In addition, the security practices for your national security systems should comport with applicable guidance for those systems.  Thank you.


Last updated: March 27, 2014
Page created: February 23, 2001

Disclaimer Notice & Privacy Statement / Security Notice
Send comments or suggestions to secpolicies-info@nist.gov
NIST is an Agency of the U.S. Department of Commerce