Date Published: October 2000
Planning Note (8/4/2021):
NIST is proposing the withdrawal of SP 800-25. Public comments on this decision proposal may be submitted through September 3, 2021. See the full announcement for more details.
Author(s)
Kathy Lyons-Burke (NIST), Federal Public Key Infrastructure Steering Committee
This document builds on the Federal IT Security Assessment Framework (Framework) developed by NIST for the Federal Chief Information Officer (CIO) Council. The Framework established the groundwork for standardizing on five levels of security status and criteria agencies could use to determine if the five levels were adequately implemented. This document provides guidance on applying the Framework by identifying 17 control areas, such as those pertaining to identification and authentication and contingency planning. In addition, the guide provides control objectives and techniques that can be measured for each area.
This document builds on the Federal IT Security Assessment Framework (Framework) developed by NIST for the Federal Chief Information Officer (CIO) Council. The Framework established the groundwork for standardizing on five levels of security status and criteria agencies could use to determine if the...
See full abstract
This document builds on the Federal IT Security Assessment Framework (Framework) developed by NIST for the Federal Chief Information Officer (CIO) Council. The Framework established the groundwork for standardizing on five levels of security status and criteria agencies could use to determine if the five levels were adequately implemented. This document provides guidance on applying the Framework by identifying 17 control areas, such as those pertaining to identification and authentication and contingency planning. In addition, the guide provides control objectives and techniques that can be measured for each area.
Hide full abstract
Keywords
Federal bridge CA; Government Paperwork Elimination Act; GPEA; guidance; PKI; public key infrastructure
Control Families
Contingency Planning; Identification and Authentication; Planning; Risk Assessment; System and Communications Protection
) or https:// don't prove our archive is authentic, only that you securely accessed it. Note that we are working to fix that :)
