[Global_industry_committee] nist 800-137 out for comment

Colin Watson colin.watson at owasp.org
Fri Jan 7 05:18:06 EST 2011

"After FedRAMP" sounds good, the deadline is mid-March.  I've added
800-137 as a pending item on the GIC page, and made a note there about
the possible DOJ document.


On 28 December 2010 16:42, Rex Booth <rex.booth at owasp.org> wrote:
> Yeah - I think we'll kick off a review effort after the FedRAMP one if
> that works for everybody.
> I also have a secure coding document developed by DOJ that is seeking
> comments.  Obviously in our wheelhouse...
> On 12/28/2010 10:41 AM, David Campbell wrote:
>> --NIST Issues Draft Document on Continuous Monitoring for IT Security
>> (December 21, 2010)
>> The National Institute of Standards and Technology (NIST) has released
>> Special Publication 800-137: Information Security Continuous Monitoring
>> for Federal Information Systems and Organizations.  The draft
>> publication says that effective IT security needs to start with
>> organizational level planning rather than working system by system and
>> provides guidelines for developing and implementing an effective
>> continuous monitoring strategy.  NIST is accepting comments on the draft
>> document until March 15, 2011.
>> http://gcn.com/articles/2010/12/21/nist-continuous-monitoring.aspx
>> http://csrc.nist.gov/publications/drafts/800-137/draft-SP-800-137-IPD.pdf
>> [Editor's Comment (Northcutt): In principle continuous monitoring is a
>> great idea. I have only made one quick pass through the document, looks
>> like they have changed some of the titles and descriptions and invented
>> some new acronyms. If you are government or government contractor I
>> encourage you to download the document, read it and give them feedback!]
> _______________________________________________
> Global_industry_committee mailing list
> Global_industry_committee at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/global_industry_committee

More information about the Global_industry_committee mailing list