INDUSTRY

The National Institute of Standards and Technology (NIST) will host a workshop at its headquarters in Gaithersburg, Md., on April 26 to help federal agencies comply with FISMA (Federal Information Security Management Act) through the development of uniform requirements for security assessment service providers. FISMA requires all federal agencies to develop, document and implement agency-wide information security programs including evaluation of the effectiveness of its information security policies, procedures, practices, and security controls to provide security for the information and information systems that support the operations and assets of the agency. NIST established a three-phase project to help federal agencies implement FISMA. In Phase I, NIST developed a suite of security standards and guidelines providing baseline security requirements and controls required by FISMA. Phase II, and this workshop, will focus on developing a program for credentialing public and private sector organizations to conduct information security assessments of federal information systems based on demonstrated competence in the security standards and guidelines developed in Phase I. For more information on the workshop, see its Web site.