From National Institute of Standards and Technology | Oct 30, 2009
The E-Government Act of 2002 recognized the importance of information security to
the economic and national security interests of the United States. Title III of the
E-Government Act tasked NIST with the responsibility of developing security standards
and guidelines for the federal government, including the development of standards for
categorizing information and information systems collected or maintained by or on
behalf of each federal agency based on the objectives of providing appropriate levels
of information security according to a range of risk levels; guidelines recommending
the types of information and information systems to be included in each category; and
minimum information security requirements for information and information systems in
each such category.
This research guide specifies minimum security requirements for information and
information systems supporting the executive agencies of the federal government and a
risk-based process for selecting the security controls necessary to satisfy the minimum
security requirements. This standard will promote the development, implementation, and
operation of more secure information systems within the federal government by
establishing minimum levels of due diligence for information security and facilitating
a more consistent, comparable, and repeatable approach for selecting and specifying
security controls for information systems that meet minimum security requirements.
The attached Zip file includes:
- Intro Page.doc
- Cover Sheet and Terms.pdf
- Minimum Security Requirements for Federal Information and Information Systems.pdf