NIST Publishes Guidance on Implementing a Continuous Monitoring Process to Secure Info Systems


The National Institute of Standards and Technology has released guidance for federal agencies transitioning to ongoing authorization as part of the Office of Management and Budget’s information system continuous monitoring requirement, Federal News Radio reported Friday.

The guide supplements OMB’s 2013 memo on ISCM, a systems and data security approach all agencies are required to implement by 2017, writes Stephanie Wasko.

The office tasked NIST with establishing the process and criteria for the information system authorization upgrade, including metrics to assess security controls, reporting of identified threats and vulnerabilities, and authorization frequency.

The ISCM process must have “the appropriate rigor and assessment frequencies to support the organization’s mission/business requirements, risk tolerance and security categorization,” NIST said, according to the report.

Wasko writes that the guidance also differentiated between time-driven and event-driven frequencies for assessing risk, both of which require the authorization officer to review the gathered information and adjust the ISCM process if needed.

Overall, NIST recommends a gradual transition to ongoing authorization, which it expects to help make “risk-based decision-making” more timely and efficient, the report said.
