Computer Security Resource Center

ITL Bulletin

Understanding the New NIST Standards and Guidelines Required by FISMA: How Three Mandated Documents are Changing the Dynamic of Information Security for the Federal Government

Date Published: November 2004


Ron Ross (NIST), Patricia Toth (NIST)



Federal Information Processing Standards; Federal Information Security Management Act; FISMA; information security; information system security; minimum security requirements; risk management; Risk Management Framework; SDLC; security categorization; security controls; System Development Life Cycle

Control Families

Audit and Accountability; Security Assessment and Authorization; Planning; Program Management; Risk Assessment


November 2004 ITL Bulletin

Supplemental Material:
None available

Document History:
11/01/04: ITL Bulletin (Final)


Security and Privacy
audit & accountability; planning; risk assessment