
NIST Cancels FISMA Continuous Monitoring Document's 2nd Public Draft

NIST has released a revised FISMA Implementation Schedule that omits a previously planned Second Public Draft of SP 800-137: Information Security Continuous Monitoring for Federal Information Systems and Organizations. Instead, NIST plans to proceed directly to a Final Public Draft, now expected in May 2011.

The need for enhanced transparency in the FISMA implementation process was highlighted by NIST's decision to drop a round of public comment on the continuous monitoring guidance document. Specifically, NIST should publish on their website all public comments received on the initial public draft of SP 800-137. Any confidential business information could be redacted.

Publishing the submissions would allow the public to comment on the materials the agency receives on the initial draft. A comments-on-comments process is invaluable for vetting and ventilating the information the agency receives on the draft document. The reduced opportunity for public comment under NIST's revised FISMA Implementation Schedule increases the need for independent review of claims made in comments on the initial public draft.

Since NIST has not indicated that they will publish the comments, the Center for Regulatory Effectiveness will be hosting all SP 800-137 comments they receive copies of on their FISMA Focus SP 800-137 Discussion Forum. Copies of comments may be submitted directly on the forum or sent by email to levinson@thecre.com.

For more information, please see FISMA Focus.

By Bruce Levinson, SVP, Regulatory Intervention - Center for Regulatory Effectiveness