
FISMA NEWS

(June 10, 2014) -- Errata Update for NIST Special Publication 800-37, Revision 1 Guide for Applying the Risk Management Framework to Federal Information Systems: A Security Life Cycle Approach
NIST announces the release of an errata update to NIST Special Publication 800-37, Rev. 1, Guide for Applying the Risk Management Framework to Federal Information Systems: A Security Life Cycle Approach (DOI link: http://dx.doi.org/10.6028/NIST.SP.800-37r1).

(June 3, 2014) -- Ongoing Authorization Supplemental Guidance Released
The NIST Computer Security Division has released a new publication, Supplemental Guidance on Ongoing Authorization: Transitioning to Near Real-Time Risk Management.

(May 20, 2014) -- Development Schedule for FISMA Implementation Project Publications has been updated.

(May 20, 2014) -- Update on Three FISMA Publications: Ongoing Authorization Supplemental Guidance, SP 800-37 Rev. 1 (Errata), and SP 800-53A Rev. 4 (IPD)

(May 20, 2014) -- NIST SP 800-53 On-Line Database Updated to Revision 4


Federal Information Security Management Act (FISMA) Implementation Project

Protecting the Nation's Critical Information Infrastructure

Our Vision

To promote the development of key security standards and guidelines to support the implementation of and compliance with the Federal Information Security Management Act including:

  • Standards for categorizing information and information systems by mission impact
  • Standards for minimum security requirements for information and information systems
  • Guidance for selecting appropriate security controls for information systems
  • Guidance for assessing security controls in information systems and determining security control effectiveness
  • Guidance for the security authorization of information systems
  • Guidance for monitoring the security controls and the security authorization of information systems

Leading To...

  • The implementation of cost-effective, risk-based information security programs
  • The establishment of a level of security due diligence for federal agencies and contractors supporting the federal government
  • More consistent and cost-effective application of security controls across the federal information technology infrastructure
  • More consistent, comparable, and repeatable security control assessments
  • A better understanding of enterprise-wide mission risks resulting from the operation of information systems
  • More complete, reliable, and trustworthy information for authorizing officials, facilitating more informed security authorization decisions
  • More secure information systems within the federal government including the critical infrastructure of the United States

The FISMA Implementation Project was established in January 2003 to produce several key security standards and guidelines required by Congressional legislation. These publications include FIPS 199, FIPS 200, and NIST Special Publications 800-53, 800-59, and 800-60. Additional security guidance documents are being developed in support of the project, including NIST Special Publications 800-37, 800-39, and 800-53A. The Computer Security Division also continues to produce other security standards and guidelines in support of FISMA; these publications can be found on the division's Publications page at http://csrc.nist.gov/publications/.