Recommended Security Controls for Federal Information Systems

The National Institute of Standards and Technology (NIST) is responsible for developing standards and guidelines for information security for all civilian federal agencies. It produces security controls for information systems, which are the safeguards necessary to protect the confidentiality, integrity and availability of the data. The NIST SP (Special Publication) 800-53: Recommended Security Controls for Federal Information Systems defines security controls for executive agencies of the US federal government. This article introduces the publication and some of its key concepts.

Purpose of NIST SP 800-53

The FISMA (Federal Information Security Management Act) mandates that information systems must adequately protect government data. Under [...]


SCAP

SCAP is a means of applying standards to ensure management and measurement of vulnerabilities. The objective of SCAP is to facilitate evaluation and policy compliance by integrating the goals of IT with those of IT security.

What is SCAP?

SCAP (Security Content Automation Protocol) enables maintenance and assessment of enterprise systems security to be conducted in a standardized manner. SCAP is made up of several open standards that are used to identify and describe flaws and other security issues. SCAP standards can be used to carry out any of the following tasks:

- Automatically verify patches
- Check system security [...]


Office of Management and Budget Memos

The Office of Management and Budget is one of several government departments that issue new regulations and recommendations for protecting information maintained by the Federal Government. OMB Circular A-130, Memorandum-01-05, and Memorandum-05-08 are three important documents issued by the Office of Management and Budget for these [...]


Common Risks Impeding the Adequate Protection of Government Information

In 2007, the Department of Homeland Security and the Office of Management and Budget, along with the Presidential Identity Theft Task Force, investigated information privacy and security practices in the United States Government. They developed a report called Common Risks Impeding the Adequate Protection of Government Information (pdf), which included a list of ten common mistakes made by U.S. departments and agencies and provided recommendations for new practices to be implemented to eliminate and reduce security [...]


OMB Memoranda 06-15 and 06-16: Safeguarding Information Maintained by the U.S. Government

In 2006, the Office of Management and Budget published two memoranda back-to-back dealing specifically with protecting certain types of information maintained by the Federal Government. M-06-15 addresses safeguarding personally identifiable information. M-06-16 deals with the protection of sensitive agency information. Both memoranda reiterate the security requirements of previous regulations and expand upon them to make them more effective.

OMB M-06-15: Safeguarding Personally Identifiable Information

M-06-15 served as a reminder to government agencies of their responsibilities for protecting personally identifiable information.

Under the Privacy Act of 1974, agencies must:

Establish rules [...]
