NIST Urges Broader Approach To Federal IT Security

The standards organization has issued a publication to help agencies solidify their risk management initiatives and comply with the government's FISMA security standard.

Obama's Tech Tools

Obama's Tech Tools

(click image for larger view)
Slideshow: Obama's Tech Tools

The federal agency for implementing technology standards has published a guide to help government organizations weave overall objectives and goals into the fabric of their security strategy.

The National Institute of Standards and Technology (NIST) has published "Managing Information Security Risk: Organization, Mission, and Information System View" to support the Federal Information Security Management Act (FISMA), according to the institute. FISMA is NIST's security standard for IT products and systems deployed in the federal government and a key requirement for IT products that agencies consider using in their IT environments.

NIST's new publication, written by NIST fellow Ron Ross with several others, introduces a holistic approach to risk management rather than merely focusing on its IT aspect, a narrow scope that agencies traditionally have followed, according to NIST.

The publication instead asks organizations to consider its overall missions and business functions first when they consider risk-management and security. They are then encouraged to work from there to integrate security into information systems as well, according to NIST.

The goal of this approach is to make sure that agencies' decisions about security -- at the organization, individual, partnership, and even national level -- are driven by strategic investments rather than IT interests or investments.

It also is meant to encourage organizations to build more secure systems that help their leaders understand the threats that exist beyond a mere IT level by the "ever-increasing use of, and dependence on, information technology, and network connectivity," Ross said in a statement.

The recently published guide is the fourth in a series of risk management and IT security guidelines that the Joint Task Force Transformation Initiative -- a joint partnership between NIST, the Department of Defense, the Intelligence Community coalition, and the Committee on National Security Systems -- has published to help federal agencies build more secure IT systems.

The initiative's goal is to address the security challenges of both the federal government and U.S. critical infrastructure. The Secretary of Defense, the director of national intelligence, and the Secretary of Commerce lead the initiative.

Cybersecurity -- both internally and externally -- is a chief concern of the federal government under the Obama administration, which has directed a number of agencies to address the broader issue as well as each agency to shore up security within its own organization.

Read more about:


About the Author(s)

Elizabeth Montalbano, Contributing Writer

Elizabeth Montalbano is a freelance writer, journalist, and therapeutic writing mentor with more than 25 years of professional experience. Her areas of expertise include technology, business, and culture. Elizabeth previously lived and worked as a full-time journalist in Phoenix, San Francisco, and New York City; she currently resides in a village on the southwest coast of Portugal. In her free time, she enjoys surfing, hiking with her dogs, traveling, playing music, yoga, and cooking.

Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

You May Also Like

More Insights