The National Institute for Standards and Technology (NIST) Should Adopt Real Time Continuous Monitoring for Federal Cyber Security Operations
A little known agency in the Department of Commerce, NIST is working on an issue of critical importance—developing standards to protect the federal information technology infrastructure from cyber-attacks as required by FISMA (Federal Information Security Management Act)
The Center for Regulatory Effectiveness emphasizes that if pending legislation were enacted the FISMA standards could be mandated on some private sector information systems including those dealing with water supply, transportation, financial and nuclear control systems . For this reason it is imperative that NIST make the comments it receives available to the public.
Finally, the gold standard for continuous monitoring is monitoring done in real time—a needed step which NIST should take.
The public is encouraged to offer their comments on this important public policy issue in the section below.
The CRE comments are attached herewith NIST Comments CRE ..