[Global_industry_committee] nist 800-137 out for comment

Rex Booth rex.booth at owasp.org
Tue Dec 28 11:42:11 EST 2010

Yeah - I think we'll kick off a review effort after the FedRAMP one if 
that works for everybody.

I also have a secure coding document developed by DOJ that is seeking 
comments.  Obviously in our wheelhouse...

On 12/28/2010 10:41 AM, David Campbell wrote:
> --NIST Issues Draft Document on Continuous Monitoring for IT Security
> (December 21, 2010)
> The National Institute of Standards and Technology (NIST) has released
> Special Publication 800-137: Information Security Continuous Monitoring
> for Federal Information Systems and Organizations.  The draft
> publication says that effective IT security needs to start with
> organizational level planning rather than working system by system and
> provides guidelines for developing and implementing an effective
> continuous monitoring strategy.  NIST is accepting comments on the draft
> document until March 15, 2011.
> http://gcn.com/articles/2010/12/21/nist-continuous-monitoring.aspx
> http://csrc.nist.gov/publications/drafts/800-137/draft-SP-800-137-IPD.pdf
> [Editor's Comment (Northcutt): In principle continuous monitoring is a
> great idea. I have only made one quick pass through the document, looks
> like they have changed some of the titles and descriptions and invented
> some new acronyms. If you are government or government contractor I
> encourage you to download the document, read it and give them feedback!]
