What legislation is the NIST program in response to?
The Cyber Security Research and Development Act of 2002 (Public Law 107-305) tasks NIST to “develop, and revise as necessary, a checklist setting forth settings and option selections that minimize the security risks associated with each computer hardware or software system that is, or is likely to become widely used within the Federal Government.” In addition, the Common Configuration Working Group Report of the Technical Standards and Common Criteria Task Force, formed at the Department of Homeland Security’s first National Cyber Security Summit in 2003, recommended government promotion of the use of a NIST central repository for IT security configuration checklists. In response, this document has been developed by NIST in furtherance of its statutory responsibilities under the Cyber Security Act as well as the Federal Information Security Management Act (FISMA) of 2002 (Public Law 107-347).
