[Global_industry_committee] nist 800-137 out for comment
colin.watson at owasp.org
Fri Jan 7 05:18:06 EST 2011
"After FedRAMP" sounds good, the deadline is mid-March. I've added
800-137 as a pending item on the GIC page, and made a note there about
the possible DOJ document.
On 28 December 2010 16:42, Rex Booth <rex.booth at owasp.org> wrote:
> Yeah - I think we'll kick off a review effort after the FedRAMP one if
> that works for everybody.
> I also have a secure coding document developed by DOJ that is seeking
> comments. Obviously in our wheelhouse...
> On 12/28/2010 10:41 AM, David Campbell wrote:
>> --NIST Issues Draft Document on Continuous Monitoring for IT Security
>> (December 21, 2010)
>> The National Institute of Standards and Technology (NIST) has released
>> Special Publication 800-137: Information Security Continuous Monitoring
>> for Federal Information Systems and Organizations. The draft
>> publication says that effective IT security needs to start with
>> organizational level planning rather than working system by system and
>> provides guidelines for developing and implementing an effective
>> continuous monitoring strategy. NIST is accepting comments on the draft
>> document until March 15, 2011.
>> [Editor's Comment (Northcutt): In principle continuous monitoring is a
>> great idea. I have only made one quick pass through the document, looks
>> like they have changed some of the titles and descriptions and invented
>> some new acronyms. If you are government or government contractor I
>> encourage you to download the document, read it and give them feedback!]