NIST RELEASES STANDARDS FOR SECURITY CLASSIFICATIONS

Interessante news...
 
The National Institute of Standards and Technology (NIST) released a draft
of a new standard that federal agencies will use to determine how much
security their computer systems will require.

NIST's Computer Security Division published a draft of the Federal
Information Processing Standard, which was mandated by the Federal
Information Security Management Act of 2002.

The draft compels agencies to rate risk levels to data they control on a
three-tier scale--low, moderate or high--based on three factors:
confidentiality, data integrity and level of information availability.

A high risk means there's potential for a severe or catastrophic impact
in the event of a security breach. The standards apply only to federal
agencies not involved in homeland security or defense. The standard goes
into affect after a 90-day comment period.

NIST Director Arden Bement says he wants agencies to consider impact
levels as a way of clarifying security issues because they remain the same
over time while threat levels change every day.

http://csrc.nist.gov/publications/drafts/FIPS-PUB-199-ipd.pdf

Saluti

--

Fabio Pietrosanti ( naif )
E-mail: fabio@pietrosanti.it - naif@sikurezza.org
PGP Key available on my homepage: http://fabio.pietrosanti.it/
--
And you will learn to be paranoid and cynical...
--

________________________________________________________
http://www.sikurezza.org - Italian Security Mailing List