
Wednesday, June 4, 2014

NIST Released Supplemental Guidance on Ongoing Authorization: Transitioning to Near Real-Time Risk Management (Relating to SP 800-37)

Supplemental Guidance on Ongoing Authorization: Transitioning to Near Real-Time Risk Management

The announcement below can be found on the CSRC News page:
http://csrc.nist.gov/news_events/#june3

The Supplemental Guidance on Ongoing Authorization: Transitioning to Near Real-Time Risk Management report is located on the NIST CSRC website – URL (PDF):
http://csrc.nist.gov/publications/nistpubs/800-37-rev1/nist_oa_guidance.pdf

If you wish to review the SP 800-37 Revision 1 document referenced in the announcement below, this URL points to the CSRC Special Publications page where SP 800-37 Rev. 1 is located; a link to this supplemental guidance can be found there as well:
http://csrc.nist.gov/publications/PubsSPs.html#800-37

NIST announces the release of Supplemental Guidance on Ongoing Authorization: Transitioning to Near Real-Time Risk Management. This publication responds to Office of Management and Budget (OMB) Memorandum M-14-03, Enhancing the Security of Federal Information and Information Systems, that directed NIST to publish guidance establishing a process and criteria for federal agencies to conduct ongoing assessments and ongoing authorization. This is the first of three major updates to NIST guidance supporting the Risk Management Framework and the full transition to ongoing authorization by employing best practices in information security continuous monitoring. The second publication, an errata update to NIST Special Publication 800-37, Revision 1, Guide for Applying the Risk Management Framework to Federal Information Systems: A Security Life Cycle Approach, will be released on June 10, 2014. This update will ensure that the Risk Management Framework (RMF) process is consistent with the new federal policy on ongoing authorization and tightly coupled to the emerging continuous monitoring activities within the federal government. The third publication, NIST Special Publication 800-53A, Guide for Assessing the Security Controls in Federal Information Systems and Organizations: Building Effective Security Assessment Plans, will be released as an Initial Public Draft in July 2014. This update will ensure that the security assessment procedures are consistent with the security controls in NIST Special Publication 800-53, Revision 4. In addition, to help facilitate ease of use for our customers, the revision number of SP 800-53A is being changed to Revision 4, to be consistent with the current revision number of SP 800-53.

__________
Pat O’Reilly
NIST Computer Security Division
webmaster-csrc@nist.gov (Attn: Pat O’Reilly)

 


 

