
NIST Publishes Guidance on Implementing a Continuous Monitoring Process to Secure Info Systems

The National Institute of Standards and Technology has released guidance for federal agencies transitioning to ongoing authorization as part of the Office of Management and Budget’s information system continuous monitoring requirement, Federal News Radio reported Friday.

The guide supplements OMB’s 2013 memo on ISCM, a systems and data security approach all agencies are required to implement by 2017, writes Stephanie Wasko.

The office tasked NIST with establishing the process and criteria for the information system authorization upgrade, including metrics to assess security controls, reporting of identified threats and vulnerabilities, and authorization frequency.

The ISCM process must have “the appropriate rigor and assessment frequencies to support the organization’s mission/business requirements, risk tolerance and security categorization,” NIST said, according to the report.

Wasko writes that the guidance also differentiates between time-driven and event-driven frequencies for assessing risk, both of which require the authorization officer to review the gathered information and adjust the ISCM process if needed.

Overall, NIST recommends a gradual transition to ongoing authorization, which it expects to help make “risk-based decision-making” more timely and efficient, the report said.
