Feds Release Guidelines for Securing IT
New federal guidelines for securing computer systems and networks were released for comment on Tuesday.
The federal government on Tuesday released for comment a new set of guidelines for securing computer systems and networks. Although the guidelines are intended for use by government agencies, officials at the National Institute of Standards and Technology are hoping that enterprises will adopt them as well.
The guidelines spell out in detail the method that security specialists should use in assessing the overall security, integrity and availability of a system. They also lay out steps for selecting and deploying security controls.
Titled "Guidelines for the Security Certification and Accreditation of Federal Information Technology Systems," the document enumerates three separate certification levels for federal systems: Security Certification Level 1 (SCL-1), SCL-2 and SCL-3. The levels are based on the amount of concern for security, confidentiality and availability that network operators have for a particular system.
Each level has its own verification techniques, ranging from a checklist-based independent security review and personnel interview for SCL-1 to a system design analysis, regression analysis and penetration testing for SCL-3.