To comply with the government’s Federal Information Security Management Act of 2002 (FISMA), federal agencies must apply baseline security controls. Since agencies have different mission requirements and operational environments, finding the right baseline can be difficult. The National Institute of Standards and Technology (NIST) has released a draft of its Recommended Security Controls for Federal Information Systems, a comprehensive paper that outlines three classes and 17 “families” of security controls and maps these to standards, including those from ISO and the Department of Defense. The paper can be useful to private sector security personnel as well. You can download the NIST paper at SM Online.