Re: [Fed-Talk] Question on Mac approval
Re: [Fed-Talk] Question on Mac approval
- Subject: Re: [Fed-Talk] Question on Mac approval
- From: "Moore, Dallas" <email@hidden>
- Date: Tue, 03 Sep 2013 16:40:57 +0000
- Thread-topic: [Fed-Talk] Question on Mac approval
From the section titled 'Authority' in NIST SP 800-70:
The National Institute of Standards and Technology (NIST) developed this document in furtherance of its
statutory responsibilities under the Federal Information Security Management Act (FISMA) of 2002,
Public Law 107-347, and also under the Cyber Security Act, which tasks NIST to ―develop, and revise as
necessary, a checklist setting forth settings and option selections that minimize the security risks
associated with each computer hardware or software system that is, or is likely to become widely used
within the Federal Government.‖
NIST is responsible for developing standards and guidelines, including minimum requirements, for
providing adequate information security for all agency operations and assets, but such standards and
guidelines shall not apply to national security systems. This guideline is consistent with the requirements
of the Office of Management and Budget (OMB) Circular A-130, Section 8b(3), ―Securing Agency
Information Systems,‖ as analyzed in A-130, Appendix IV: Analysis of Key Sections. Supplemental
information is provided in A-130, Appendix III [3].
This guideline has been prepared for use by federal agencies. It may be used by nongovernmental
organizations on a voluntary basis and is not subject to copyright, though attribution is desired.
Nothing in this document should be taken to contradict standards and guidelines made mandatory and
binding on federal agencies by the Secretary of Commerce under statutory authority, nor should these
guidelines be interpreted as altering or superseding the existing authorities of the Secretary of Commerce,
Director of the OMB, or any other Federal official.
v/r
Dallas Moore
Information Security Analyst
U.S. House of Representatives
Desk: 202-226-9760
Mobile: 202-815-5472
-----Original Message-----
From: fed-talk-bounces+dallas.moore=email@hidden [mailto:fed-talk-bounces+dallas.moore=email@hidden] On Behalf Of Carlos Velazquez
Sent: Saturday, August 31, 2013 12:23 AM
To: email@hidden
Subject: Re: [Fed-Talk] Question on Mac approval
Would you care to share what that statutory requirement is?
Sent from my 📲
On Aug 30, 2013, at 1:24 PM, email@hidden wrote:
> From: Peter Thoenen - NOAA Federal <email@hidden>
> To: "Beatty, Daniel D CIV NAVAIR, 474300D" <email@hidden>,
> Fed Talk <email@hidden>
> Subject: Re: [Fed-Talk] Question on Mac approval
> Message-ID: <email@hidden>
> Content-Type: text/plain; charset=UTF-8
>
> True but irrelevant IMHO. Regardless of the private sector we have a
> statutory requirement within the Federal IT space to follow NIST
> SP800-70 via 800-53 CM-2 via FIPS200.
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Fed-talk mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Fed-talk mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden