DoD Switching to New Risk Framework

From: GovInfoSecurity

CIO Explains Switch to NIST Model Widely Used in Government

The Defense Department’s plan to adopt NIST’s risk management framework means that, for the first time, defense, intelligence and civilian federal agencies will use the same set of risk management standards.

DoD Chief Information Officer Teresa Takai on March 12 issued an instruction for the department to transition from the DoD Information Assurance Certification and Accreditation Process, commonly known by the acronym DIACAP, to NIST’s risk management framework as outlined in Special Publication 800-37 (see NIST Guidance Seen Saving Government Millions).

The National Institute of Standards and Technology risk management framework places greater emphasis than DIACAP on standards for continuous monitoring, risk assessment, risk management and systems’ assessment and authorization.

Exceeding Standards
