Publications
Withdrawn on March 10, 2021.
Understanding the New NIST Standards and Guidelines Required by FISMA: How Three Mandated Documents are Changing the Dynamic of Information Security for the Federal Government
Documentation
Topics
Date Published: November 2004
Author(s)
Ron Ross (NIST), Patricia Toth (NIST)
This bulletin summarizes an article entitled "Understanding the New FISMA-Required NIST Standards and Guidelines" by Ron S. Ross, PhD. It highlights FIPS 199, "Standards for Security Categorization of Federal Information and Information Systems," which is NIST's flagship standard in support of the Federal Information Security Management Act (FISMA) of 2002. Users are provided with a high-level overview of how risk management principles can be applied to both new and legacy information systems within the System Development Life Cycle (SDLC).
This bulletin summarizes an article entitled "Understanding the New FISMA-Required NIST Standards and Guidelines" by Ron S. Ross, PhD. It highlights FIPS 199, "Standards for Security Categorization of Federal Information and Information Systems," which is NIST's flagship standard in support of the...
See full abstract
This bulletin summarizes an article entitled "Understanding the New FISMA-Required NIST Standards and Guidelines" by Ron S. Ross, PhD. It highlights FIPS 199, "Standards for Security Categorization of Federal Information and Information Systems," which is NIST's flagship standard in support of the Federal Information Security Management Act (FISMA) of 2002. Users are provided with a high-level overview of how risk management principles can be applied to both new and legacy information systems within the System Development Life Cycle (SDLC).
Hide full abstract
Keywords
Federal Information Processing Standards; Federal Information Security Management Act; FISMA; information security; information system security; minimum security requirements; risk management; Risk Management Framework; SDLC; security categorization; security controls; System Development Life Cycle
Control Families
Audit and Accountability; Assessment, Authorization and Monitoring; Planning; Program Management; Risk Assessment
Documentation
Publication:
Download (pdf)
Supplemental Material:
None available
Document History:
11/01/04: ITL Bulletin (Final)