FISMA NEWS

Updated FISMA Publication Schedule Posted
August 21, 2012
 
The NIST FISMA Implementation Project has updated its publications schedule. The schedule (dated August 20, 2012) can be downloaded at: http://csrc.nist.gov/groups/SMA/fisma/schedule.html.

The modified schedule accounts for the recent changes in publication priorities for SP 800-30, Revision 1 and SP 800-53, Revision 4. The changes also affect the publication schedule for SP 800-53A, Revision 2.

You will note that:

SP 800-30, Revision 1: Guide for Conducting Risk Assessments

  • Publication refocused to address only risk assessments.
  • Publication developed as part of the Joint Task Force Transformation Initiative (DOD, ODNI, CNSS, and NIST).
  • Publication priority changed due to request from JTF partners, releasing the publication three months earlier than originally scheduled.

SP 800-53, Revision 4: Recommended Security and Privacy Controls for Federal Information Systems and Organizations

  • Publication developed as part of the Joint Task Force Transformation Initiative (DOD, ODNI, CNSS, and NIST).
  • Publication priority changed due to request from JTF partners, delaying publication until after the release of SP 800-30, Revision 1.
  • Publication may be finalized in November 2012 (eliminating FPD), pending final decision by JTF partners.

SP 800-53A, Revision 2: Guide for Assessing the Security and Privacy Controls in Federal Information Systems and Organizations

  • Publication developed as part of the Joint Task Force Transformation Initiative (DOD, ODNI, CNSS, and NIST).
  • Publication schedule will be adjusted if SP 800-53, Revision 4, is published (final) in November.

Article by Dr. Ron Ross, What Continuous Monitoring Really Means, posted July 24, 2012 in FedTech magazine


DRAFT Special Publication 800-53 Revision 4
Security and Privacy Controls for Federal Information Systems and Organizations (Initial Public Draft)
(February 2012)


Special Publication 800-39
Managing Information Security Risk: Organization, Mission, and Information System View

(March 2011)


NIST Seeks Input for Planned 2011 Update of Security Control Catalog For Federal Information Systems and Organizations (Special Publication 800-53)
(February 24, 2011)

On-line Course Available: "Applying the Risk Management Framework to Federal Information Systems"
(June 29, 2010)
See full announcement on CSRC News page.

Special Publication 800-53 Rev 3 database updated
(June 2010)

NIST Releases Special Publication 800-53A, Revision 1,
Guide for Assessing the Security Controls in Federal Information Systems and Organizations

(June 2010)
See full announcement on CSRC News page.

NIST releases FAQ on Continuous Monitoring
(June 2010)

NIST Special Publication 800-53 Revision 3
Recommended Security Controls for Federal Information Systems and Organizations

updated May 1, 2010 - see errata page for update, see CSRC news for detail
(July 2009)

NIST Special Publication 800-37 Revision 1
Guide for Applying the Risk Management Framework to Federal Information Systems: A Security Life Cycle Approach

(February 2010)

Initial Public Draft (IPD) of exemplary Assessment Cases for the security control assessment procedures described in Appendix F of SP 800-53A (June 2008), Guide for Assessing the Security Controls in Federal Information Systems
Note: Date added to title to note that the assessment procedures currently posted are for the July 2008 version of 800-53A, NOT the recently posted 800-53A Revision 1, June 2010 version.
(August 14, 2008)

DRAFT NIST IR 7328
Security Assessment Provider Requirements and Customer Responsibilities: Building a Security Assessment Credentialing Program for Federal Information Systems

(September 2007)

Presentation from the GCN Webinar on FISMA Implementation

Presentation from the FISMA Security Seminar
   Black and white for printing

Status of NIST Special Publication 800-26

Presentation from the Automated Security Tools Conference
       Black & White for printing

Submit comments and suggestions to:
sec-cert@nist.gov