[Global_industry_committee] nist 800-137 out for comment

David Campbell dcampbell at owasp.org
Tue Dec 28 10:41:41 EST 2010


--NIST Issues Draft Document on Continuous Monitoring for IT Security
(December 21, 2010)
The National Institute of Standards and Technology (NIST) has released
Special Publication 800-137: Information Security Continuous Monitoring
for Federal Information Systems and Organizations.  The draft
publication says that effective IT security needs to start with
organizational level planning rather than working system by system and
provides guidelines for developing and implementing an effective
continuous monitoring strategy.  NIST is accepting comments on the draft
document until March 15, 2011.
http://gcn.com/articles/2010/12/21/nist-continuous-monitoring.aspx
http://csrc.nist.gov/publications/drafts/800-137/draft-SP-800-137-IPD.pdf
[Editor's Comment (Northcutt): In principle continuous monitoring is a
great idea. I have only made one quick pass through the document, looks
like they have changed some of the titles and descriptions and invented
some new acronyms. If you are government or government contractor I
encourage you to download the document, read it and give them feedback!]


-- 
David Campbell
Open Web Application Security Project
http://www.owasp.org



More information about the Global_industry_committee mailing list