From: NIST
A new NIST Computer Security Division publication, Supplemental Guidance on Ongoing Authorization: Transitioning to Near Real-Time Risk Management, has been posted at http://csrc.nist.gov/publications/nistpubs/800-37-rev1/nist_oa_guidance.pdf. This publication responds to a requirement from the Office of Management and Budget (OMB) in Memorandum M-14-03, Enhancing the Security of Federal Information and Information Systems, and provides clarifying and amplifying guidance on the application of current NIST guidelines to the security authorization process to facilitate the transition to ongoing authorization. There will be no public comment period for this publication.
NIST Special Publications 800-37, 800-39, and 800-137 are the authoritative sources on guidance for risk management, authorization, ongoing authorization, and information security continuous monitoring. The guidance in this publication leverages and reinforces the existing guidance and is not intended to diverge from or supersede the guidance in those Special Publications.
The NIST Computer Security Resource Center (CSRC) Publications page is http://csrc.nist.gov/publications/PubsSPs.html. The OA Guidance is posted in the SP 800-37, Revision 1 section. To view news announcements go to http://csrc.nist.gov/news_events/index.html.
Ron S. Ross, Ph.D.
Project Leader
FISMA Implementation Project
Joint Task Force Transformation Initiative