Search CSRC

Abstract: This bulletin summarizes the information presented in NIST Special Publication 800-53, Revision 3, Recommended Security Controls for Federal Information Systems and Organizations, on the catalog of security controls for information systems. These best practices are broad based and comprehensive safe...

Abstract: This bulletin provides information on the applicability and implementation of FIPS 200, Minimum Security Requirements for Federal Information and Information Systems. It advises Federal agencies of the requirements under the Federal Information Security Management Act (FISMA) of 2002 to categorize t...

Abstract: This ITL Bulletin summarizes NIST SP 800-53, Recommended Security Controls for Federal Information Systems and discusses the use of SP 800-53 within the context of federal agency information security programs. The bulletin covers SP 800-53 and Federal Information Security Management Act (FISMA) requ...

Abstract: This bulletin summarizes an article entitled "Understanding the New FISMA-Required NIST Standards and Guidelines" by Ron S. Ross, PhD. It highlights FIPS 199, "Standards for Security Categorization of Federal Information and Information Systems," which is NIST's flagship standard in support of the F...

Abstract: The purpose of this document is to provide a standard for categorizing federal information and information systems according to an agency's level of concern for confidentiality, integrity, and availability and the potential impact on agency assets and operations should their information and informat...

Abstract: [The NIST Computer Security Division prepared this report for the Security, Privacy, and Critical Infrastructure Committee of the CIO Council.] The Federal Information Technology (IT) Security Assessment Framework (or Framework) provides a method for agency officials to 1) determine the current sta...

NIST announces the release of Special Publication 800-53A, Revision 4, Assessing Security and Privacy Controls in Federal Information Systems and Organizations: Building Effective Assessment Plans.

NIST announces the release of Draft Special Publication 800-53A, Revision 4, Assessing Security and Privacy Controls in Federal Information Systems and Organizations: Building Effective Assessment Plans (Initial Public Draft).

NIST announces the release of an errata update to Special Publication 800-37, Revision 1, Guide for Applying the Risk Management Framework to Federal Information Systems: A Security Life Cycle Approach.

NIST announces the release of Draft Special Publication (SP) 800- 16 Revision 1 (3rd public draft), A Role-Based Model For Federal Information Technology/Cyber Security Training for public comment. SP 800-16 describes information technology / cyber security role-based training ...

NIST Special Publication 800-53 Revision 4, Security and Privacy Controls for Federal Information Systems and Organizations

NIST announces the release of the Second Public Draft of Special Publication (SP) 800-16 (Revision 1), A Role-Based Model For Federal Information Technology/Cyber Security Training for public comment. SP 800-16 describes information technology / cyber security role-based ...

NIST announces the final release of Special Publication (SP) 800-53, Revision 4, Security and Privacy Controls for Federal Information Systems and Organizations. Special Publication 800-53, Revision 4, represents the most comprehensive update to the security controls catalog since its ...

NIST seeks additional comments on specific sections of the 2009 Draft Federal Information Processing Standard 140-3, Security Requirements for Cryptographic Modules… Comments were due October 1, 2012.

NIST announces the Revised Draft Federal Information Processing Standard 140-3, Security Requirements for Cryptographic Modules. Comments must be received on or before March 11, 2010.

This notice announces Draft Federal Information Processing Standard 140-3, Security Requirements for Cryptographic Modules, for public review and comment. The draft standard, designated “Draft FIPS 140-3,” is proposed to supersede FIPS 140-2.

This notice announces the Secretary of Commerce's approval of Federal Information Processing Standard (FIPS) 200, Minimum Security Requirements for Federal Information and Information Systems.

The National Institute of Standards and Technology (NIST) announces the release of draft Federal Information Processing Standards (FIPS) Publication 200, Minimum Security Requirements for Federal Information and Information Systems for public comment.

NIST announces that it plans to develop Federal Information Processing Standard (FIPS) 140-3, which will supersede FIPS 140-2, Security Requirements for Cryptographic Modules.

The Secretary of Commerce has approved FIPS Publication 199, Standards for Security Categorization of Federal Information and Information Systems, and has made it compulsory and binding on Federal agencies for the protection of…

Draft FIPS 199 defines requirements to be used by Federal agencies to categorize information and information systems, and to provide appropriate levels of information security according to a range of risk levels…

NIST solicits public comments on Draft Federal Information Processing Standard (FIPS) 140-2, Security Requirements for Cryptographic Modules

NIST proposes the reaffirmation of Federal Information Processing Standard (FIPS) 140-1, Security Requirements for Cryptographic Modules

Type: Presentation

Abstract: The purpose of SP 800-37 Rev 1 is to provide guidelines for applying the Risk Management Framework to federal information systems to include conducting the activities of security categorization, security control selection and implementation, security control assessment, information system authorizat...