Old Saint NIST: Ho Ho Hold on, what’s this?

Posted December 13th, 2009 by

Every once in a while an opportunity presents itself to affect some real change in federal information security practice.  Now is such a time.  A slew of new NIST documents are being released between now and April.  These are the core NIST documents that describe how to satisfy FISMA.  They include NIST SPs 800-30 Revision 1, 800-39, 800-37 Revision 1 and 800-53A Revision 1. That’s where you come in.

The documents define what federal government practice will look like in the coming years.  If they are flawed then the practice will be flawed.  To prevent stupidity from leaking in when nobody is looking NIST releases the documents as drafts so everyone gets a chance to eyeball them.  First you eyeball, then you comment.  They look at the comments and they fix the flaws.  Fix the flaws now and you don’t live with them later.

The most important document in draft right now is the NIST Special Publication 800-37 Revision 1.  This document describes the central processes involved in the authorization of information systems that support the federal government.  Notice I didn’t say Certification and Accreditation?  That’s because C&A is deader than a sheep at a wolf convention. Want to know what replaces it?  Pick up a copy of NIST SP 800-37r1 FPD, give it a read and send in your comments.

Better yet, consider joining a formal document review process.  I’m leading a team of hale and hearty volunteers at OWASP in a NIST SP 800-37r1 FPD review and we’d love to have you come join the fun.   We’re on a tight schedule so now is the time to act.

Time is short, the comment period for NIST SP 800-37 Revision 1 FPD ends on December 31st, 2009.



Similar Posts:

Posted in NIST | 3 Comments »
Tags:

3 Responses

  1.  Tweets that mention Old Saint NIST: Ho Ho Hold on, what’s this? | The Guerilla CISO -- Topsy.com Says:

    [...] This post was mentioned on Twitter by rybolov, Paulo Coimbra. Paulo Coimbra said: RT @rybolov: New blog thingy: @danphilpott and #OWASP are doing a review of NIST SP 800-37R1 and need help. http://bit.ly/73ws5y [...]

  2.  uberVU - social comments Says:

    Social comments and analytics for this post…

    This post was mentioned on Twitter by rybolov: New blog thingy: @danphilpott and #OWASP are doing a review of NIST SP 800-37R1 and need help. http://bit.ly/73ws5y

  3.  System Advancements at the Monastery » Blog Archive » COBIT 5 = COBIT 4.1 + Risk IT + Val IT 2.0 Says:

    [...] Federal Information Systems: A Security Life Cycle Approach.” To quote Dan Phillpott over on the Guerilla CISO site, “This document describes the central processes involved in the authorization of [...]

Leave a Comment

Please note: Comment moderation is enabled and may delay your comment. There is no need to resubmit your comment.


Visitor Geolocationing Widget: