NIST has released a revised FIMSA Implementation Schedule that omits a previously planned Second Public Draft of SP 800-137: Information Security Continuous Monitoring for Federal Information Systems and Organizations. Instead, NIST plans to proceed directly to a Final Public Draft, now expected in May 2011.
The need for enhanced transparency in the FISMA implementation process was highlighted by NIST's decision to drop a round of public comment on the continuous monitoring guidance document. Specifically, NIST should publish on their website all public comments received on the initial public draft of SP 800-137. Any confidential business information could be redacted.
Publishing the submissions would allow the public to comment on the materials the agency receives on the initial draft. A comments-on-comments process is invaluable for vetting and ventilating the information receives on the draft document. The reduced opportunity for public comment under NIST's revised FISMA Implementation Schedule increases the need for independent review of claims made in comments on the initial public draft.
Since NIST has not indicated that they will publish the comments, The Center for Regulatory Effectiveness will be hosting all SP 800-137 they receive copies of on their FISMA Focus SP 800-137 Discussion Forum. Copies of comments may be submitted directly on the forum or sent be email to levinson@thecre.com.
For more information, please see FISMA Focus.
By Bruce Levinson, Senior Vice President, Regulatory Intervention
Related topics: Policy & Regulation, Security
To post comments, please login or create an account.
DNS SecuritySponsored byAfilias | |
Top-Level DomainsSponsored byMinds + Machines | |
MobileSponsored bydotMobi | |
DNSSponsored byNeustar UltraDNS | |
IPv6Sponsored byNominum | |
SecuritySponsored byVerisign |
