Microsoft Seeks Clarification from NIST with Respect to Continuous Monitoring

The Center for Regulatory Effectiveness (CRE) has obtained, via FOIA request, Microsoft’s comments to NIST on the Initial Public Draft of their continuous monitoring guidance document, SP 800-137.

Microsoft’s comments include a request that NIST “Please clarify what the ‘organization-wide tools’ mentioned” on p. 21 of the draft with respect to continuous monitoring strategy at organizational Tiers 1 and 2.

Microsoft’s complete comments are attached below.  CRE will be releasing the SP 800-137 comments of additional private sector and federal agency stakeholders.



Leave a Reply

Your email address will not be published.

Please Answer: *