Posts Tagged ‘800-30’

NIST Wants You … Again … this Time for Risk Assessment

September 26, 2011

Last week I noticed NIST put out another draft infosec document that they need comments on. This time the publication that needs updating is SP 800-30, Guide for Conducting Risk Assessment, Revision 1. And it is in need of an update… NIST released the original version almost 10 years ago. Then it was known as...
Posted in News | 4 Comments »

Old Saint NIST: Ho Ho Hold on, what’s this?

December 14, 2009

Every once in a while an opportunity presents itself to effect some real change in federal information security practice. Now is such a time. A slew of new NIST documents are being released between now and April. These are the core NIST documents that describe how to satisfy FISMA. They include NIST SPs 800-30 Revision...
Posted in Infosec Blogs/Podcasts | 1 Comment »

The Way Not to Change NIST SP 800-30

June 16, 2008

Rybolov from The Guerilla CISO, a NoVA-based infosec blog, has put together a great blog post about NIST’s latest effort to modernize SP 800-30: Risk Management Guide for Information Systems. In his post he stresses that NIST should not turn this document into a “catalog of controls gap analysis” process to favor compliance...
Posted in News | No Comments »


Grecs's Infosec Ramblings