recommended reading

NIST Unveils 'Framework Meets FISMA' Cyber Best Practices

Omelchenko/Shutterstock.com

The government’s cyber standards agency released draft guidance Friday outlining cybersecurity best practices for federal agencies.

The long-planned initiative came just one day after President Donald Trump issued an executive order mandating federal agencies implement a cybersecurity framework that agency, the National Institute of Standards and Technology, developed or face consequences.

Friday’s guidance from NIST essentially outlines how agencies can incorporate that cybersecurity framework into their existing security requirements. NIST officials have referred colloquially to the document as “framework meets FISMA,” a reference to the Federal Information Security Management Act, government’s main cyber compliance law.

» Get the best federal technology news and ideas delivered right to your inbox. Sign up here.

The document, officially titled NIST Interagency Report 8170, outlines how agencies can use NIST frameworks requirements to vet the cybersecurity of their technology vendors and apportion cybersecurity responsibilities to different parts of their organizations, among other uses.

It also outlines how the framework can help officials assess how well an agency is complying with data privacy laws including FISMA and the Health Insurance Portability and Accountability Act, or HIPAA.

NIST is seeking feedback on how to improve the guidance for federal IT managers and executives at private companies that work with the government. The document will be open for comment through June 30.

The document has gone through several internal revisions over the past year, NIST Cybersecurity Framework manager Matthew Barrett said recently.

The current version is intended for anyone who manages federal information systems, ranging from senior executives to line managers, according to the document.

“It is especially relevant for personnel who develop, implement, report, and improve enterprise and cybersecurity risk management processes within their organizations,” the document states.

Threatwatch Alert

Thousands of cyber attacks occur each day

See the latest threats

JOIN THE DISCUSSION

Close [ x ] More from Nextgov
 
 

Thank you for subscribing to newsletters from Nextgov.com.
We think these reports might interest you:

  • Modernizing IT for Mission Success

    Surveying Federal and Defense Leaders on Priorities and Challenges at the Tactical Edge

    Download
  • Communicating Innovation in Federal Government

    Federal Government spending on ‘obsolete technology’ continues to increase. Supporting the twin pillars of improved digital service delivery for citizens on the one hand, and the increasingly optimized and flexible working practices for federal employees on the other, are neither easy nor inexpensive tasks. This whitepaper explores how federal agencies can leverage the value of existing agency technology assets while offering IT leaders the ability to implement the kind of employee productivity, citizen service improvements and security demanded by federal oversight.

    Download
  • Effective Ransomware Response

    This whitepaper provides an overview and understanding of ransomware and how to successfully combat it.

    Download
  • Forecasting Cloud's Future

    Conversations with Federal, State, and Local Technology Leaders on Cloud-Driven Digital Transformation

    Download
  • IT Transformation Trends: Flash Storage as a Strategic IT Asset

    MIT Technology Review: Flash Storage As a Strategic IT Asset For the first time in decades, IT leaders now consider all-flash storage as a strategic IT asset. IT has become a new operating model that enables self-service with high performance, density and resiliency. It also offers the self-service agility of the public cloud combined with the security, performance, and cost-effectiveness of a private cloud. Download this MIT Technology Review paper to learn more about how all-flash storage is transforming the data center.

    Download

When you download a report, your information may be shared with the underwriters of that document.