The E-Government Act of 2002 (Public Law 107-347) recognized the importance of information security to the economic and national security interests of the United States. Title III of the E-Government Act, "Federal Information Security Management Act (FISMA) of 2002," tasked NIST with the responsibility of developing security standards and guidelines for the federal government. This standard—the second of two security standards mandated by FISMA—specifies minimum security requirements for information and information systems supporting the executive agencies of the federal government and a risk-based process for selecting the security controls necessary to satisfy the minimum security requirements.
This standard will promote the development, implementation, and operation of more secure information systems within the federal government by establishing minimum levels of due diligence for information security and facilitating a more consistent, comparable, and repeatable approach for selecting and specifying security controls for information systems that meet minimum security requirements.
Access Control; Awareness and Training; Audit and Accountability; Assessment, Authorization and Monitoring; Configuration Management; Contingency Planning; Identification and Authentication; Incident Response; Maintenance; Media Protection; Physical and Environmental Protection; Planning; Personnel Security; Risk Assessment; System and Services Acquisition; System and Communications Protection; System and Information Integrity
Supplemental Material:
None available
Related NIST Publications:
FIPS 199
Document History:
03/01/06: FIPS 200 (Final)
Laws and Regulations