NIST Interagency Report (IR) 8011, Automation Support for Security Control Assessments, provides guidance on automating the assessment of controls that can be tested. This series of technical publications, based on NIST Special Publication (SP) 800-53 controls and SP 800-53A control assessment procedures, is organized into multiple volumes, each dedicated to addressing a specific security capability (security capabilities are groups of controls that support a common purpose). Previously published volumes, which were based on SP 800-53, Revision 4, are being revised. New volumes covering additional security capabilities are being developed.
The NIST Risk Management Framework (RMF) team seeks feedback from individuals and organizations who have used our guidance for supporting automated security control assessments. We would like to better understand the use of the IR 8011 series by adopters, success stories, what adopters liked/disliked about the methodology and about the series overall, the challenges (if any) adopters faced during implementation, and how we can improve the entire series – from the proposed methodology to ways to facilitate its adoption.
Feedback can be sent via email to the following address: 8011comments@list.nist.gov.
We are looking specifically for information such as:
Feedback received will not be published or shared. There is no due date to respond (feedback can be provided at any time); however, the sooner the feedback is received, the sooner it may be considered, and possibly reflected on revisions and new development.
For questions about this call for feedback, please email: 8011comments@list.nist.gov.
Security and Privacy: asset management, audit & accountability, continuous monitoring, security automation, security controls, threats