US to boost government IT security

The National Institute of Standards and Technology (Nist) has published a set of draft guidelines designed to assess the effectiveness IT security across US government information systems.

The content of the new guide is expected to be incorporated into automated tools that support Federal information security programmes.

Nist said that the 387-page guide will help security managers ensure that appropriate computer security controls work as intended to protect information systems from being improperly accessed or compromised.

The guide is a companion document to Nist Special Publication 800-53 (Minimum Security Controls for Federal Information Systems) which spells out the types of security controls that must be used to protect Federal information systems.

These include user authentication, spam protection, cryptography and transmission confidentiality.

The Federal Information Security Management Act (FISMA) of 2002 instructs Nist to prepare minimum computer security requirements for all Federal information systems other than national security systems.

"The assessment requirements presented in this latest draft are intended to make compliance with FISMA easier and more efficient, and ultimately to produce better computer and information security for the Federal government," said Ron Ross, FISMA implementation project leader at Nist.

Nist said it will accept comments on the draft document through to 31 July 2007. Comments should be emailed to sec-cert@nist.gov or posted to Nist at 100 Bureau Dr, M.S. 8930, Gaithersburg, Md. 20899-8930.