What is NIST Compliance?
The National Institute of Standards and Technology (NIST) develops and issues standards, guidelines, and other publications to assist federal agencies in implementing the Federal Information Security Management Act (FISMA) and in managing cost-effective programs to protect their information and information systems.
NIST outlines nine steps toward compliance with FISMA:
- Categorize the information to be protected.
- Select minimum baseline controls.
- Refine controls using a risk assessment procedure.
- Document the controls in the system security plan.
- Implement security controls in appropriate information systems.
- Assess the effectiveness of the security controls once they have been implemented.
- Determine agency-level risk to the mission or business case.
- Authorize the information system for processing.
- Monitor the security controls on a continuous basis.
For the latest NIST Special Publication 800-79-2, Guidelines for the Authorization of Personal Identity Verification Card Issuers (PCI) and Derived PIV Credential Issuers (DPCI), go to http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-79-2.pdf
For Protecting Controlled Unclassified Information in Nonfederal Information Systems and Organizations, go to http://csrc.nist.gov/publications/drafts/800-171/sp800_171_second_draft.pdf