How does NIST ensure that its FISMA security standards and guidelines are technically correct and implementable by federal agencies?
NIST employs a comprehensive public review process on every FISMA standard and guideline to ensure the security standards and guidelines are of the highest quality, that is, technically correct and implementable. NIST actively solicits and encourages individuals and organizations in the public and private sectors to provide feedback on the content of each of the FISMA publications. In most cases, the FISMA security publications go through three full public vetting cycles, providing an opportunity for individuals and organizations to actively participate in the development of the standards and guidelines. NIST also works closely with owners, operators, and administrators of information systems within NIST to obtain real-time feedback on the implementability of the specific safeguards and countermeasures (i.e., security controls) being proposed for federal information systems. Finally, NIST has an extensive outreach program that maintains close contact with security professionals at all lev