Editors Note: The public is encouraged to raise any questions they have regarding the content of the NIST guidance in this Interactive Public Docket so others might share their views in preparation of comments to NIST.
NIST has published the Initial Public Draft of Special Publication 800-137 “Information Security Continuous Monitoring for Federal Information Systems and Organizations.”
NIST’s Notice is below and the draft document is attached.
DRAFT Information Security Continuous Monitoring for Federal Information Systems and Organizations
NIST announces the publication of Special Publication 800-137 (initial public draft), Information Security Continuous Monitoring for Federal Information Systems and Organizations. The purpose of this guideline is to assist organizations in the development of a continuous monitoring strategy and the implementation of a continuous monitoring program providing visibility into organizational assets, awareness of threats and vulnerabilities, and visibility into the effectiveness of deployed security controls. It provides ongoing assurance that planned and implemented security controls are aligned with organizational risk tolerance as well as the information needed to respond to risk in a timely manner should observations indicate that the security controls are inadequate.
NIST requests comments on the initial public draft of Special Publication 800-137 by March 15, 2011. Please submit all comments to email@example.com.