
NIST Publishes Guidance on Implementing a Continuous Monitoring Process to Secure Info Systems

The National Institute of Standards and Technology (NIST) has released guidance for federal agencies transitioning to ongoing authorization as part of the Office of Management and Budget's (OMB) information system continuous monitoring (ISCM) requirement, Federal News Radio reported Friday.

The guide supplements OMB's 2013 memo on ISCM, a systems and data security approach that all agencies are required to implement by 2017, writes Stephanie Wasko.

OMB tasked NIST with establishing the process and criteria for moving information system authorization to the ongoing model, including metrics for assessing security controls, reporting of identified threats and vulnerabilities, and the frequency of authorization decisions.

The ISCM process must have “the appropriate rigor and assessment frequencies to support the organization’s mission/business requirements, risk tolerance and security categorization,” NIST said, according to the report.

Wasko writes that the guidance also distinguishes between time-driven and event-driven triggers for reassessing risk; under either, the authorizing official reviews the gathered monitoring information and adjusts the ISCM process if needed.

Overall, NIST recommends a gradual transition to ongoing authorization, which it expects to make "risk-based decision-making" more timely and efficient, the report said.
