Home / Blogs

NIST Cancels FISMA Continuous Monitoring Document’s 2nd Public Draft

By Bruce Levinson

NIST has released a revised FIMSA Implementation Schedule that omits a previously planned Second Public Draft of SP 800-137: Information Security Continuous Monitoring for Federal Information Systems and Organizations. Instead, NIST plans to proceed directly to a Final Public Draft, now expected in May 2011.

The need for enhanced transparency in the FISMA implementation process was highlighted by NIST’s decision to drop a round of public comment on the continuous monitoring guidance document. Specifically, NIST should publish on their website all public comments received on the initial public draft of SP 800-137. Any confidential business information could be redacted.

Publishing the submissions would allow the public to comment on the materials the agency receives on the initial draft. A comments-on-comments process is invaluable for vetting and ventilating the information receives on the draft document. The reduced opportunity for public comment under NIST’s revised FISMA Implementation Schedule increases the need for independent review of claims made in comments on the initial public draft.

Since NIST has not indicated that they will publish the comments, The Center for Regulatory Effectiveness will be hosting all SP 800-137 they receive copies of on their FISMA Focus SP 800-137 Discussion Forum. Copies of comments may be submitted directly on the forum or sent be email to [email protected].

For more information, please see FISMA Focus.

By Bruce Levinson

Filed Under

Comments

Comment Title:

  Notify me of follow-up comments

We encourage you to post comments and engage in discussions that advance this post through relevant opinion, anecdotes, links and data. If you see a comment that you believe is irrelevant or inappropriate, you can report it using the link at the end of each comment. Views expressed in the comments do not represent those of CircleID. For more information on our comment policy, see Codes of Conduct.

CircleID Newsletter The Weekly Wrap

More and more professionals are choosing to publish critical posts on CircleID from all corners of the Internet industry. If you find it hard to keep up daily, consider subscribing to our weekly digest. We will provide you a convenient summary report once a week sent directly to your inbox. It's a quick and easy read.

I make a point of reading CircleID. There is no getting around the utility of knowing what thoughtful people are thinking and saying about our industry.

VINTON CERF
Co-designer of the TCP/IP Protocols & the Architecture of the Internet

Related

Topics

Domain Names

Sponsored byVerisign

Cybersecurity

Sponsored byVerisign

DNS

Sponsored byDNIB.com

Threat Intelligence

Sponsored byWhoisXML API

Brand Protection

Sponsored byCSC

IPv4 Markets

Sponsored byIPv4.Global

New TLDs

Sponsored byRadix

View All Topics