From: InfoSec News <alerts_at_private>
Date: Fri, 15 Aug 2008 02:05:56 -0500 (CDT)
http://www.gcn.com/online/vol1_no1/46877-1.html

By William Jackson
GCN.com
08/14/08

The National Institute of Standards and Technology has updated its
guidelines for mapping information in government information systems to
categories that specify the types of security controls the data
requires.

The Federal Information Security Management Act requires that agencies
assign levels of risk to information and information systems based on
the likelihood and impact of exposure, modification or loss, and link
the level of risk to appropriate security controls. The two-volume
Special Publication 800-60 Revision 1, "Guide for Mapping Types of
Information and Information Systems to Security Categories," is a
revision of guidelines published in 2004.

NIST also released for public comment a draft interagency report with
test requirements for validating products for the Security Content
Automation Protocol.

Volume 1 of SP 800-60 Rev. 1 is a reference resource with basic guidance
for mapping security categories. Not all of the material will be
relevant to all agencies, NIST said. Volume 2 is a set of appendices
that include security categorization recommendations and the rationale
for categorizing various information types.

[...]
Received on Fri Aug 15 2008 - 00:05:56 PDT



