The final standard for ensuring the security of federal agencies’ computer systems under the Federal Information Security Management Act (FISMA) has been released by the National Institute of Standards and Technology (NIST), Government Computer News (GCN) reports.The standard, called Federal Information Processing Standard (FIPS) 200, includes minimum security requirements for federal computer systems in a number of key areas, GCN reports.Agencies must comply with the newly released standard by March 2007, according to GCN.FIPS 200 is the final of three publications called for from NIST within FISMA, which mandates that executive branch agencies all create ongoing, up-to-date and manageable security measures for non-national computer systems, according to GCN. The goal of FISMA is to establish risk-based security practices for applying appropriate security controls to federal agencies’ various systems, GCN reports.The first NIST publication required under FISMA, FIPS 199, was released in 2004, and it was created to help rank systems’ need for security as low, moderate or high, based on the projected impact of a data breach or other system failure, according to GCN. The second NIST publication, Special Publication 800-53, specifies the tools that should be employed to secure IT systems under the newly released publication FIPS 200, GCN reports.According to GCN, security requirements for the following areas are included within FIPS 200:-Access Control-Awareness and Training-Audit and Accountability-Certification, Accreditation and Security Assessments -Configuration Management-Contingency Planning-Identification and Authentication-Incident Response -Maintenance-Media Protection-Physical and Environmental Protection Planning-Personnel Security-Risk Assessment-System and Services Acquisition-System and Communications Protection-System and Information IntegrityFederal agencies must apply the appropriate level of security controls to each of these areas based on the low, moderate or high impact rating they received under FIPS 199, GCN reports.For related CSO content, read Five Years and Flunking.Keep checking in at our CSO Security Feed page for updated news coverage. Related content brandpost How an integrated platform approach improves OT security By Richard Springer Sep 26, 2023 5 mins Security news Teachers urged to enter schoolgirls into UK’s flagship cybersecurity contest CyberFirst Girls aims to introduce girls to cybersecurity, increase diversity, and address the much-maligned skills shortage in the sector. By Michael Hill Sep 26, 2023 4 mins Back to School Education Industry IT Training news CREST, IASME to deliver UK NCSC’s Cyber Incident Exercising scheme CIE scheme aims to help organisations find quality service providers that can advise and support them in practising cyber incident response plans. By Michael Hill Sep 26, 2023 3 mins IT Governance Frameworks Incident Response Data and Information Security news Baffle releases encryption solution to secure data for generative AI Solution uses the advanced encryption standard algorithm to encrypt sensitive data throughout the generative AI pipeline. By Michael Hill Sep 26, 2023 3 mins Encryption Generative AI Data and Information Security Podcasts Videos Resources Events SUBSCRIBE TO OUR NEWSLETTER From our editors straight to your inbox Get started by entering your email address below. Please enter a valid email address Subscribe