U.S. flag   An unofficial archive of your favorite United States government website
Dot gov

Official websites do not use .rip
We are an unofficial archive, replace .rip by .gov in the URL to access the official website. Access our document index here.

Https

We are building a provable archive!
A lock (Dot gov) or https:// don't prove our archive is authentic, only that you securely accessed it. Note that we are working to fix that :)

Call for Feedback: NIST IR 8011 Series Adoption
February 22, 2023

IR 8011 Volume 1

NIST Interagency Report (IR) 8011, Automation Support for Security Control Assessments, provides guidance on automating the assessment of controls that can be tested. This series of technical publications, based on NIST Special Publication (SP) 800-53 controls and SP 800-53A control assessment procedures, is organized into multiple volumes, each dedicated to addressing a specific security capability (security capabilities are groups of controls that support a common purpose). Previously published volumes, which were based on SP 800-53, Revision 4, are being revised. New volumes covering additional security capabilities are being developed. 

The NIST Risk Management Framework (RMF) team seeks feedback from individuals and organizations who have used our guidance for supporting automated security control assessments. We would like to better understand the use of the IR 8011 series by adopters, success stories, what adopters liked/disliked about the methodology and about the series overall, the challenges (if any) adopters faced during implementation, and how we can improve the entire series – from the proposed methodology to ways to facilitate its adoption.

Feedback can be sent via email to the following address: 8011comments@list.nist.gov.

We are looking specifically for information such as:

  • Adoption Status (e.g., used guidance in the past; currently use; planning to use).
  • How the IR 8011 Series is Being Used – and by Whom (e.g., applied guidance in-house [i.e., for internal operations] or developed a solution that can be used by other organizations [e.g., adoption by a service/solution provider]).
  • Implementation Success (e.g., strengths and benefits of the IR 8011 series; what worked well to support implementation; ROI from the adoption of IR 8011).
  • Implementation Challenges and Opportunities (e.g., issues/concerns – and what can be considered for addressing them – and areas that can be improved).
  • Level of Interest (if a NIST IR 8011 Interest Group is established, would you be interested in joining it to share ideas and information with other 8011 adopters or interested parties?)

Feedback received will not be published or shared. There is no due date to respond (feedback can be provided at any time); however, the sooner the feedback is received, the sooner it may be considered, and possibly reflected on revisions and new development. 

For questions about this call for feedback, please email: 8011comments@list.nist.gov.

Created February 17, 2023, Updated February 22, 2023