The NIST List on Risk Management

FCW.com had a nice article highlighting several of the core National Institute of Standards and Technology (NIST) risk management documents in reading-list form. The Federal Information Security Management Act of 2002 (FISMA), and more recently the Federal Risk and Authorization Management Program (FedRAMP), tapped NIST years ago to decompose their abstract standards and guidelines into more detailed, actionable recommendations so that agencies could effectively assess and manage their security risks. As a result of years of work, NIST has produced quite a comprehensive body of documentation on risk management. Although reading through these five documents isn’t the most exciting way to learn risk management, it’s probably one of the most comprehensive.

via FCW.com

The Federal Information Security Management Act of 2002 and the newer Federal Risk and Authorization Management Program provide detailed requirements regarding what agencies need to consider when assessing and managing security risks. The National Institute of Standards and Technology takes those requirements into account in developing its guidelines for agencies.

FISMA sets various standards and guidance for agencies to use when assessing risks and establishing security controls, and agencies must comply with them annually. However, the law does not yet tell agencies that they must improve security, only that they must show that they have a process in place that will enable them to do so.

However, FISMA is credited with providing a good foundation for risk management in the federal government. Its requirement for continuous monitoring of security risks and controls is considered a fundamental shift in risk management because it moves reporting from periodic snapshots to a real-time process.

Continued here.

#####

What do you think about NIST’s guidelines on risk management? Post your comments below. Today’s post pic is from ComputerServiceNow.com.

2 comments for “The NIST List on Risk Management

  1. October 24, 2012 at 4:01 pm

    BLOGGED: The NIST List on Risk Management http://t.co/xYPU9tFf

  2. October 25, 2012 at 10:59 pm

    The NIST List on Risk Management http://t.co/nzyHayEQ
