X

Feds lay down draft rules on system security

The U.S. Commerce Department's standards and technology body lists minimal security requirements for federal agencies.

Joris Evers Staff Writer, CNET News.com
Joris Evers covers security.
Joris Evers

The U.S. Commerce Department's National Institute of Standards and Technology, or NIST, has released a draft version of the minimal security requirements for federal agencies. (Download PDF) The report, published Friday, comes one month after government auditors found that the agencies are not prepared to deal with the triple Internet menaces of spam, phishing and spyware.

The requirements are meant to help the government organiztions improve their information technology security and comply with the Federal Information Security Management Act (FISMA) of 2002. The document covers 17 areas with regard to protecting the confidentiality, integrity and availability of federal information systems and the information processed, stored and transmitted by those systems. NIST has invited public comments on the draft standard until Sept. 13, 2005. After it becomes effective, federal agencies must be in compliance within one year.