We have all heard of the shortcomings of FISMA, which range from poor compliance with infosec guidelines to poor reporting on the controls required to combat threats. In collaboration with the Department of Defense, the Department of Homeland Security, the Intelligence Community, and the Committee on National Security Systems, NIST has released a draft revision of its FISMA security control catalog (SP 800-53 Rev. 4). NIST's proposed revisions incorporate new privacy controls for protecting federal information resources and aim at combating new threats, such as those arising from cloud computing, among others.
(We’d be curious to hear your thoughts on these revisions. Personally, I think we already have all the controls we need to cover these “new” areas … they are just embedded into what’s already there. We do not need new “fad” controls just to be buzzword compliant. If this trend continues, get ready for some new “big data” controls next year. 🙂 Instead, let’s just enhance what we have rather than making it more complicated by bolting new controls on. FISMA guru @danphilpott has his comments as well… His last tweet seems to sync up with my opinion.
NIST released draft SP 800-53 Rev. 4 Security & Privacy Controls for Federal Info Systems & Orgs http://fis.ma/z2RZMx
Gaping hole in security control catalog continues -> Number of times the term ‘application security’ shows up in SP 800-53r4: 1
Surprised by the number of new controls in the SP 800-53r4. Many are not selected at any baseline, which points to why they were added (IC).
Where are these ‘new’ privacy controls people say are in SP 800-53r4 draft? All I see are privacy controls originally released last July.
800-53 privacy controls structure bugs me. Why break them up into their own families? Adds 8 new families to current 17+1 to no effect.
Well, on to the original article. -Grecs)
The National Institute of Standards and Technology released the draft of what it calls “major” revision proposals to the catalog of federal information security management practices.
The proposals are in draft form and not finalized; the agency is requesting public comments by April 6, 2012.
The revisions to the Federal Information Security Management Act (FISMA) publication, released on Feb. 28, add guidance for combating new information security threats and incorporate new privacy controls into the framework that federal agencies use to protect their information and information systems, NIST said.
Quick reminder: the deadline for comments on this draft is April 6, 2012. Please let us know what you think. Today’s post image is from TECH-FAQ.