Security Experts Push to Require Federal Information Security Guidelines
Jill R. Aitoro writes on NextGov.com:
The final version of the National Institute of Standards and Technology's computer security controls will incorporate recommendations developed by security experts in industry and government for dealing with attacks on federal networks. Those professionals hope that including their prescriptions in official NIST guidance will be the first step toward a federal mandate for compliance.
After receiving more than 800 comments on its third revision of Special Publication 800-53 -- "Recommended Security Controls for Federal Information Systems and Organizations" -- NIST will post the final version online on July 31. One significant addition is guidance on how to fix the specific vulnerabilities in federal networks that hackers are known to exploit most frequently. These recommendations, known as the Consensus Audit Guidelines, were developed by security analysts from industry and government, including the Defense, Energy and Homeland Security departments, the National Security Agency, and the Government Accountability Office. They establish baseline information security measures and controls, most of which can be monitored continuously using automated processes.