Issue TOC Print full article Print this page Download as PDF E-Mail this URL Discuss this article Flame the author     In this article Introduction All in the Implementation Gramm-Leach-Bliley Whip Out the Crystal Ball HIPAA An Open Door Policy Sarbanes-Oxley Executive Summary Law vs. Regulation FYI With 1386, California Leads the Way Hospitals Get HIPAA Web Links Epoll Results

To help IT comply with new regulations, the government is drawing up guidelines in the form of three Federal Information Processing Standard drafts. The first, FIPS 199, aims to help enterprises classify risks as low, moderate or high for three security objectives: confidentiality, integrity and availability. You can find the draft at csrc.nist.gov/publications/drafts/FIPS-PUB-199-ipd.pdf; NIST is accepting public comments on the matter until August 14, 2003 (see csrc.nist.gov/publications/drafts/FIPS199-FRnotice.pdf). For the second piece of the series, NIST will offer guidelines to help agencies identify the types of information and information system appropriate for each category of data. For the third, NIST plans to specify the minimum sets of security controls for each defined category of information and information system.