



Network Security CISSP-Discussion

[CISSP-D] NIST leads the way

Subject: [CISSP-D] NIST leads the way
Date: Mon, 6 Mar 2006 12:57:03 -0800 (PST)
  fyi and consideration.

Dr. Ron Ross, Stu, & the great team at NIST are looking for your feedback 
regarding their massive multi-year efforts to update their world-class security 
and other IT guidance (see below for more information).

http://csrc.nist.gov/sec-cert 

Enjoy,

Dan

www.securitybenchmark.com
http://finance.groups.yahoo.com/group/Dans_SECemails/
http://finance.groups.yahoo.com/group/Dans_CCCemails/
___________________________________________________________________

1. Release of NIST Special Publication 800-53, Recommended Security Controls 
for Federal Information Systems, Revision 1 (Public Draft)

With the imminent approval and publication of FIPS 200, Minimum Security 
Requirements for Federal Information and Information Systems, we begin the 
annual review and update cycle for NIST Special Publication 800-53.  

2. This annual review and update cycle is important to ensure that the security 
controls listed in the control catalog and the minimum security controls 
populating the control baselines represent the current state-of-the-practice in 
safeguards and countermeasures for federal information systems.  During the
past year, we have received many insightful comments from our customers on the
format, structure, and content of the Special Publication 800-53. The
recommendations for modifications reflect: (i) customer experience gained from
employing the security controls and security control baselines; (ii) changing
security requirements within organizations; and (iii) new technologies that are
available and can impact information security.  In addition to proposing
necessary changes to Special Publication
800-53, it is also important to maintain a degree of stability within the 
publication as customers gain a better understanding of the requirements and 
begin to employ the security controls and security control baselines within 
their organizational information systems.  We believe that the annual update 
and review cycle for Special Publication 800-53 strikes the appropriate balance 
and achieves the objectives described above.

3. NIST Special Publication 800-53, Revision 1 (Public Draft) is now available 
at 
   
  http://csrc.nist.gov/publications/drafts.html. 

  The proposed modifications to the catalog of security controls and security 
control baselines will go through a rigorous, public review process to obtain 
government and private sector feedback and to build consensus for the changes.  
Comments on Special Publication 800-53, Revision 1, will be accepted through 
March 31, 2006.  
Comments should be forwarded to the Computer Security Division, Information 
Technology Laboratory at NIST or submitted via email to sec-cert@nist.gov. To 
assist agencies in the review process and so changes can be readily identified, 
we have provided both clean and markup copies of the draft document.  

4. General information about the FISMA Implementation Project, including all of 
the FISMA-related security standards & guidelines, how the FISMA publications 
can be used to manage enterprise risk and build a comprehensive information 
security program, and the organizational accreditation program under
development as part of Phase II, can be found on the main web site.
   
  http://csrc.nist.gov/sec-cert 

-- from Ron Ross
  -- Project Leader
  -- FISMA Implementation Project
______________________________________________________

                
  • [CISSP-D] NIST leads the way, Dan Swanson <=