NIST Drafts Security Controls For Computer SystemsNIST Drafts Security Controls For Computer Systems

Computer scientists at the National Institute of Standards and Technology on Monday issued an initial public draft that explains recommended security controls for computer systems. The 238-page report details controls that the government will require in 2005 and is expected to influence controls to be used by other governments and business.

Security controls are the management, operational, and technical safeguards and countermeasures prescribed for a computer system that, taken together, adequately protect the confidentiality, integrity, and availability of a system and its information, according to NIST, a Commerce Department agency. Management safeguards range from risk assessment to security planning. Operational safeguards include factors such as personnel security and basic hardware and software maintenance. Technical safeguards include items such as audit trails and communications protection.

Congress required NIST to develop these controls as part of the Federal Information Security Management Act of 2002.

During the next three months, NIST invites public comments on the guidelines, known as Recommended Security Controls For Federal Information Systems, or NIST Special Publication 800-53. The document can be accessed at csrc.nist.gov/publications/drafts.html.