22 July 2009
Task force plan to secure U.S. systems
The first installment of a three-year effort to build a unified information security framework for the entire federal government is now up and ready to go.
Historically, information systems at civilian agencies have operated under different security controls than military and intelligence information systems, according to the National Institute of Standards and Technology (NIST), which worked in partnership with the Department of Defense (DOD), the Intelligence Community (IC), and the Committee on National Security Systems (CNSS) to come up with the plan. This installment is “NIST Special Publication 800-53, Revision 3, Recommended Security Controls for Federal Information Systems and Organizations.”
“The common security control catalog is a critical step that effectively marshals our resources,” said Ron Ross, NIST project leader for the joint task force. “It also focuses our security initiatives to operate effectively in the face of changing threats and vulnerabilities. The unified framework standardizes the information security process that will also produce significant cost savings through standardized risk management policies, procedures, technologies, tools, and techniques.”
This publication revises the security control catalog previously published in response to the Federal Information Security Management Act of 2002. It contains the catalog of security controls and technical guidelines that federal agencies use to protect their information and technology infrastructure.
When complete, the unified framework will result in the defense, intelligence, and civil communities using a common strategy to protect critical federal information systems and associated infrastructure. This ongoing effort is consistent with President Barack Obama’s call for “integrating all cyber security policies for the government.”
The revised security control catalog in SP 800-53 provides the most state-of-the-practice set of safeguards and countermeasures for information systems. The updated security controls evolved from the work of a joint task force that included NIST, DOD, the IC, and the CNSS, and they draw on specific information from databases of known cyber attacks and threat information.
For related information, go to www.isa.org/security.