NIST’s revised Development Schedule for FISMA Implementation deleted all reference to SP 800-137, Information Security Continuous Monitoring for Federal Information Systems and Organizations. The Initial Public Draft of SP 800-137 was released by NIST on December 16, 2010 with a comment period ending on March 15, 2011.
NIST’s previous revision to the Development Schedule cancelled a planned 2nd Public Draft of SP 800-137 but otherwise left its development intact.
NIST has not yet provided any indication of: 1) Why SP-800-137 was deleted from the Development Schedule; 2) what the revised schedule means for the fate of the guidance document; or 3) what the deletion of the document may mean for implementation of continuous monitoring requirements by federal agencies.
Attached below are NIST’s previous (January 10, 2011) and current (April 11, 2011) FISMA Implementation Development Schedules.