The National Institute of Standards and Technology has published a new set of guidelines for evaluating security and privacy controls in federal information systems, GovInfoSecurity reported Monday.
Eric Chabrow writes Ron Ross, an NIST fellow, said the guide is designed to complement continuous monitoring and information security authorization programs across the government.
“We broke down the procedures so you can target a specific part of the control,” Ross added, according to the report.
Congress last week approved Federal Information Security Management Act changes aimed at helping agencies transition from a checkbox security method to the CM technique, according to Chabrow’s article.
Ross told the publication NIST is also working on a framework to allow the organization to update and publish control standards earlier than usual.