Commerce Department Issues Security StandardCommerce Department Issues Security Standard

The Commerce Department on Wednesday issued a new standard to help federal agencies secure their computer networks, introducing significant changes in how the government protects information.

The mandatory standard includes criteria to be used by non-national security agencies in categorizing information and IT systems and providing suitable levels of security according to a series of impact levels. Under the standard, agencies will assess the potential impact on their missions that would result from a security breach because of unauthorized disclosure or modification of information and denial of service.

Congress last year required the Commerce Department's National Institute of Standards and Technology to develop the standard, which officials characterize as a critical component of an agency's risk-management program. NIST also is developing a companion standard that will specify minimum-security requirements for all federal information systems. Together, the Commerce Department says, these two standards will help ensure that appropriate, cost-effective security measures are put in place for each federal information system.

In a prepared statement, Commerce Secretary Donald Evans said the standard "will help agencies better handle security threats by providing better information and guidance to federal agencies so they can make sound decisions."