NIST rewrites FISMA standards as cyber threats evolve

Monday - 3/5/2012, 6:18pm EST

Ron Ross, NIST fellow and FISMA Implementation Project Leader

Download mp3

The National Institute of Standards and Technology has issued major revisions to the Federal Information Security Management Act, which governs agency information security policies.

The revamped FISMA includes new guidance for insider-threat management, supply-chain risk and mobile security.

"The changes we propose ... are directly linked to the current state of the threat space — the capabilities, intentions and targeting activities of adversaries — and analysis of attack data over time," said Ron Ross, a NIST fellow and the agency's FISMA implementation project leader.

Ross joined In Depth with Francis Rose to discuss the FISMA additions.

"This has been a really big update for us," Ross said. "It's been a year in the making, and we took a complete scrub of the entire security-control catalogue looking at the current threat space."

There is also the addition of a new appendix on privacy and privacy controls to better balance security needs and the privacy of individual users, he added.

"The threat space continues to move forward," Ross said. "We're looking at a lot of data on cyber attacks, capabilities, intentions, targeting by adversaries. All that information is used in a cycle to update our documents ... So, we're always going to be trying to bring the best defenses to our customer we possibly can."

This story is part of Federal News Radio's daily Cybersecurity Update. For more cybersecurity news, click here.

RELATED STORIES:

Senate begins work on FISMA update

Agencies must use Cyberscope tool for FISMA reports