From: NIST
SCAP community,
On March 21 NIST hosted a 400 person Continuous Monitoring (CM) workshop (http://scap.nist.gov/events/index.html#cm2011) to discuss the government vision for creating a CM technical reference model. The workshop was focused on the CM model overview described in draft NIST IR 7756 (http://csrc.nist.gov/publications/PubsDrafts.html#NIST-IR-7756).
There was general interest in the model and we had extensive discussions. To move forward from that point, however, the workshop participants asked us to create detailed technical proposals for the model workflows, subsystems, interfaces, and bindings to SCAP (for asset, configuration, and vulnerability management). We have created this straw man material and are ready to re-engage the community in working through the low level issues. To that end, we plan to hold nine weekly teleconferences on Thursdays from 1-2pm eastern time. The first one will be on August 18 and will be a general discussion of the model. Each week thereafter, we will focus on a different workflow or subsystem. Prior to each meeting we will send out straw man material and teleconference logistics to the Emerging Specification Development List (see http://scap.nist.gov/community.html#emaillist-emerging-specs). After each meeting we will send meeting minutes, decisions, and action items to this same list. Feedback can be provided in the context of the teleconferences, on the Emerging Specifications list, or by sending email directly to the model development team at fe-comments@nist.gov.
We plan to incorporate your feedback and refine the model during these nine weeks. We will then present the resulting work at the 7th Annual IT Security Automation Conference (http://scap.nist.gov/events/index.html). Thank you in advance for your help and participation.
Sincerely,
NIST CM Modeling Leads
Leave a Reply