Minimum Security Requirements for Federal Information and Information Systems

This research guide specifies minimum security requirements for information and information systems supporting the executive agencies of the federal government and a risk-based process for selecting the security controls necessary to satisfy the minimum security requirements.


Partner logo

NIST is a non-regulatory federal agency within the U.S. Department of Commerce. NIST's mission is to promote U.S. innovation and industrial competitiveness by advancing measurement science, standards and technology in ways that enhance economic security and improve our quality of life.

All IT Downloads from National Institute of Standards and Technology » | Visit National Institute of Standards and Technology »

From National Institute of Standards and Technology | Oct 30, 2009

The E-Government Act of 2002 recognized the importance of information security to the economic and national security interests of the United States. Title III of the E-Government Act tasked NIST with the responsibility of developing security standards and guidelines for the federal government including the development of standards for categorizing information and information systems collected or maintained by or on behalf of each federal agency based on the objectives of providing appropriate levels of information security according to a range of risk levels; guidelines recommending the types of information and information systems to be included in each category; and minimum information security requirements for information and information systems in each such category.

This research guide specifies minimum security requirements for information and information systems supporting the executive agencies of the federal government and a risk-based process for selecting the security controls necessary to satisfy the minimum security requirements. This standard will promote the development, implementation, and operation of more secure information systems within the federal government by establishing minimum levels of due diligence for information security and facilitating a more consistent, comparable, and repeatable approach for selecting and specifying security controls for information systems that meet minimum security requirements.

The attached Zip file includes:

  • Intro Page.doc
  • Cover Sheet and Terms.pdf
  • Minimum Security Requirements for Federal Information and Information Systems.pdf
IT Downloads help you save time and money while executing essential IT management tasks. Download this useful resource now and put it to work for your business.

Laying the IT Security Foundation

Read this white paper to learn how managing your critical risks can help prevent threats such as Conficker from wreaking havoc on your business.

The Tripwire HIPAA Solution: Meeting the Security Standards Set Forth in Section 164

Read this white paper to learn how enhanced file integrity monitoring software supports the secure processes outlined in HIPAA and how you can achieve and maintain compliance with many the Act's security controls over the long term.