The National Institute of Standards and Technology has released
“Federal Information Processing Standards 200,” specifying
minimum information security requirements in 17 areas.
The standard is part of a series of publications stemming
from the Federal Information Security Management Act.
Effective immediately, NIST said the standard is applicable to
all information within the federal government other than
information determined to be pursuant to executive order 12958,
as amended by Executive Order 13292, or any predecessor order,
or by the Atomic Energy Act of 1954, to require protection
against unauthorized disclosure and is marked to indicate its
classified status, as well as all federal information systems
other than those information systems designated as national
security systems.
Federal agencies have one year to meet the requirements in the
standard through the use of security controls in accordance
with NIST special publication 800-53, “Recommended Security
Controls for Federal Information Systems.”
The publication is available at http://csrc.nist.gov/publications/.
