This site displays a prototype of a “Web 2.0” version of the daily Federal Register. It is not an official legal edition of the Federal Register, and does not replace the official print version or the official electronic version on GPO’s govinfo.gov.
The documents posted on this site are XML renditions of published Federal Register documents. Each document posted on the site includes a link to the corresponding official PDF file on govinfo.gov. This prototype edition of the daily Federal Register on FederalRegister.gov will remain an unofficial informational resource until the Administrative Committee of the Federal Register (ACFR) issues a regulation granting it official legal status. For complete information about, and access to, our official publications and services, go to About the Federal Register on NARA's archives.gov.
The OFR/GPO partnership is committed to presenting accurate and reliable regulatory information on FederalRegister.gov with the objective of establishing the XML-based Federal Register as an ACFR-sanctioned publication in the future. While every effort has been made to ensure that the material on FederalRegister.gov is accurately displayed, consistent with the official SGML-based PDF version on govinfo.gov, those relying on it for legal research should verify their results against an official edition of the Federal Register. Until the ACFR grants it official status, the XML rendition of the daily Federal Register on FederalRegister.gov does not provide legal notice to the public or judicial notice to the courts.
National Institute of Standards and Technology (NIST), Commerce.
NIST invites public and private organizations to submit their information security practices for inclusion in its Computer Security Resource Center. The NIST Computer Security Resource Center (CSRC) Web site, located at http://csrc.nist.gov, houses security specific guidance and tools that are shared widely in support of improving security programs and fostering good security practice. Selected information security practices will be posted on the Federal Agency Security Practices (FASP) section of the CSRC Web page (http://csrc.nist.gov/fasp). FASP includes a variety of agency security practices, which have been successfully used by the submitters in implementing their information security programs. With the recognition that protection of the Nation's critical infrastructure is dependent upon effective information security solutions and to minimize vulnerabilities associated with a variety of threats, the broader sharing of such practices will enhance the overall security of the nation. Today's federal networks and systems are highly interconnected and interdependent with non-federal systems. Access to information security Start Printed Page 51559practices in the public and private sector can be applied to enhance the overall performance of Federal information security programs.
Request period is open-ended. Submissions can be offered at any time.
Written submissions may be sent to Computer Security Division, ATTN: Information Security Practices, Mail Stop 8930, 100 Bureau Drive, Stop 8930, National Institute of Standards and Technology, Gaithersburg, MD 20899-8930. Electronic submissions should be sent to: email@example.com. Materials accepted by NIST will be posted to its CSRC Web site at http://csrc.nist.gov/pcig.Start Further Info
FOR FURTHER INFORMATION CONTACT:
Ms. Joan Hash, (301) 975-3357, National Institute of Standards and Technology, Attn: Computer Security Division, 100 Bureau Drive (Mail Stop 8930), Gaithersburg, MD 20899-8930, e-mail: firstname.lastname@example.org.End Further Info End Preamble Start Supplemental Information
Under section 5131 of the Information Technology Management Reform Act of 1996 and sections 302-3 of the Federal Information Security Management Act of 2002 (FISMA) (Pub. L. 107-347), the Secretary of Commerce is authorized to approve standards and guidelines for Federal information systems and to make standards compulsory and binding for Federal agencies as necessary to improve the efficiency or security of Federal information systems. NIST is authorized to develop standards, guidelines, and associated methods and techniques for information systems, other than national security systems, to provide for adequate information security for agency operations and assets. The FISMA requires each Federal agency to develop, document, and implement an agency-wide information security program that will provide information security for the information and information systems supporting the operations and assets of the agency, including those provided or managed by another agency, contractor, or other source. The FISMA specifically tasked NIST to evaluate public and private sector security practices. This is done to improve the level of Federal security programs and to learn from public and private sector best practices.
NIST invites public and private organizations to submit their information security practices for inclusion in its Computer Security Resource Center. The NIST CSRC Web site, located at http://csrc.nist.gov specific guidance and tools that are shared widely in support of improving security programs and fostering good security practice. Selected information security practices will be posted on the FASP section of the CSRC Web page (http://csrc.nist.gov/fasp). FASP includes a variety of agency security practices, which have been successfully used by the submitters in implementing their information security programs. With the recognition that protection of the Nation's critical infrastructure is dependent upon effective information security solutions and to minimize vulnerabilities associated with a variety of threats, the broader sharing of such practices will enhance the overall security of the nation. Today's Federal networks and systems are highly interconnected and interdependent with non-Federal systems. Access to information security practices in the public and private sector can be applied to enhance the overall performance of Federal information security programs.
Submitters must indicate the source of the information security practices, such as an official organization Web site, or they may submit their information security practices accompanied by a management official's approval. Submitters may request that NIST sanitize the submission to mask the source of the material. NIST will review submissions for consistency with generally accepted security practices prior to posting. These practices may be found at http://csrc.nist.gov/publications/. Submissions must include a point of contact. NIST reserves the right to accept, post and remove submissions at its discretion. By submitting material, the submitter agrees that NIST may publicly disseminate such material, regardless of copyright. Submitters agree to inform NIST if the status of the submission changes (updated, discontinued, etc.). The preferred method of transmittal of the submissions is via e-mail to email@example.com.
Policies and procedures may be submitted to NIST in any area of information security including, but not limited to: Accreditation, audit trails, authorization of processing, budget planning and justification, certification, contingency planning, data integrity, disaster planning, documentation, hardware and system maintenance, identification and authentication, incident handling and response, life cycle, network security, personnel security, physical and environmental protection, production input/output controls, security policy, program management, review of security controls, risk management, security awareness training, and education (to include specific course and awareness materials), and security planning.Start Signature
Dated: August 21, 2003.
Hratch G. Semerjian,
Acting Deputy Director.
[FR Doc. 03-21948 Filed 8-26-03; 8:45 am]
BILLING CODE 3510-CN-P