The National Institute of Standards and Technology\'s (NIST) recent release of Special Publication 800-37, Revision 1 Guide for Applying the Risk Management Fra...
The National Institute of Standards and Technology’s (NIST) recent release of Special Publication 800-37, Revision 1 Guide for Applying the Risk Management Framework to Federal Information Systems: A Security Life Cycle Approach is an important change in the direction of how federal agencies achieve information security and manage information system-related security risks. It shifts the focus away from a point in time Certification and Accreditation (C&A) approach to compliance towards continually assessing risk and security authorization. As a result, the federal information security community is sending a message to the broader federal community and creating an important discussion: the cyber threat is real and must be addressed in the context of its potential impact on an organization. Cyber security is not as simple as a “check the box” requirement. The paradigm shift away from point in time security and towards obtaining situational awareness of the organization’s risk posture must be as pervasive in the federal government as the cyber threats are against us.
Regarding the impact on agency security procedures, the publication is clear on the focus of its new framework, stating:
This new Risk Management Framework builds much needed flexibility into the overall federal information security lifecycle to address the increasing nature and scope of threats in real-time, providing a number of key advantages that include:
Perhaps most importantly, agency security programs will be better positioned to evolve and mature – an absolute necessity for staying ahead of the growing and dynamic threat to our Nation’s cyber security.
Copyright © 2024 Federal News Network. All rights reserved. This website is not intended for users located within the European Economic Area.