Feds Release Guidelines for Securing IT | eWeek

Feds Release Guidelines for Securing IT

Verfasst von
Dennis Fisher
Dennis Fisher
Oct 30, 2002
2 minute read
eWeek Inhalte und Produktempfehlungen sind redaktionell unabhängig. Wir können Geld verdienen, wenn Sie auf Links zu unseren Partnern klicken. Mehr erfahren

The federal government on Tuesday released for comment a new set of guidelines for securing computer systems and networks. Although the guidelines are intended for use by government agencies, officials at the National Institute of Standards and Technology are hoping that enterprises will adopt them as well.

The guidelines spell out in detail the method that security specialists should use in assessing the overall security, integrity and availability of a system. It also lays out steps for selecting and deploying security controls.

Titled “Guidelines for the Security Certification and Accreditation of Federal Information Technology Systems,” the document enumerates three separate certification levels for federal systems: Security Certification Level 1 (SCL-1), SCL-2 and SCL-3. The levels are based on the amount of concern for security, confidentiality and availability that network operators have for a particular system.

Each level has its own verification techniques, ranging from a checklist-based independent security review and personnel interview for SCL-1 to a system design analysis, regression analysis and penetration testing for SCL-3.

NIST is also planning to hold a meeting in early 2003 to consider developing a way to test the technical competence of third parties to conduct the security reviews spelled out in the new guidelines.

“This is a very significant step toward making the federal governments computer systems more secure,” said Phillip Bond, undersecretary for technology at the Department of Commerce in Washington, which oversees NIST. “It gives agencies a comprehensive, yet flexible way to ensure that their computers are as safe as they should be.”

The guidelines are open for public comment through Jan. 31, and are available on the NIST Web site.

Related Stories:

  • Security Fueling Open-Source Adoption
  • Clarke Solicits Cyber-Security Input at MIT
eWeek Logo

eWeek has the latest technology news and analysis, buying guides, and product reviews for IT professionals and technology buyers. The site's focus is on innovative solutions and covering in-depth technical content. eWeek stays on the cutting edge of technology news and IT trends through interviews and expert analysis. Gain insight from top innovators and thought leaders in the fields of IT, business, enterprise software, startups, and more.

Eigentum von TechnologyAdvice. © 2026 TechnologyAdvice. Alle Rechte vorbehalten

Werbetreibenden-Offenlegung: Einige der auf dieser Website erscheinenden Produkte stammen von Unternehmen, von denen TechnologyAdvice eine Vergütung erhält. Diese Vergütung kann beeinflussen, wie und wo Produkte auf dieser Website erscheinen, einschließlich beispielsweise der Reihenfolge, in der sie erscheinen. TechnologyAdvice schließt nicht alle Unternehmen oder alle auf dem Marktplatz verfügbaren Produkttypen ein.