If you have ever heard of the Federal Information Security Management Act, then you are aware of the work done by the National Institute of Standards and Technology.

The goal of the Act, not to  mention the subsequent documents that resulted from strategies designed around implementing it, led NIST to create works designed to bolster security on the information systems operated by the majority of federal agencies.

The agencies and the organizations that do business with them are expected to implement the protocols found in these documents within one year of publication.

As with any attempt at security in the public sector, updates and revisions are released from time to time. In order to understand the function of NIST 800-53 in terms of information security, it helps to know a little about what it’s designed to do, how it came about and even how to implement the provisions properly.

The Origins

The Federal Information Security Management Act (FISMA) came into being as part of the Electronic Government Act of 2002. The law recognizes the importance of keeping documents and information firmly within the control of the agency that is tasked with using it and ensuring it is only released through channels allowed by current laws.

As part of FISMA, the directive was for each agency to develop programs designed to protect data and distribute it in ways that are in compliance with current laws and regulations.

It was within this setting that NIST 800-53 came into being. The document focuses on strategies designed to protect information that is controlled by governmental agencies and ensure that it is properly shielded from hacking attempts and corruption that would lead to widespread abuse of the data as well as to ensure the information remains an asset rather than a liability.

Over (Read more...)