U.S. flag   An unofficial archive of your favorite United States government website
Dot gov

Official websites do not use .rip
We are an unofficial archive, replace .rip by .gov in the URL to access the official website. Access our document index here.

Https

We are building a provable archive!
A lock (Dot gov) or https:// don't prove our archive is authentic, only that you securely accessed it. Note that we are working to fix that :)

NISTIR 8011 Vol. 1 (Draft)

Automation Support for Security Control Assessments: Overview

Date Published: February 2016
Comments Due: March 18, 2016 (public comment period is CLOSED)
Email Questions to: sec-cert@nist.gov

Author(s)

Kelley Dempsey (NIST), Paul Eavy (DHS), George Moore (APL)

Announcement

NIST is pleased to announce the initial public draft release of NIST Internal Report (NISTIR) 8011, Automation Support for Security Control Assessments, Volumes 1 and 2. This NISTIR represents a joint effort between NIST and the Department of Homeland Security to provide an operational approach for automating security control assessments in order to facilitate information security continuous monitoring (ISCM), ongoing assessment, and ongoing security authorizations in a way that is consistent with the NIST Risk Management Framework overall and the guidance in NIST SPs 800-53 and 800-53A in particular.

NISTIR 8011 will ultimately consist of 13 volumes. Volume 1 introduces the general approach to automating security control assessments, 12 ISCM security capabilities, and terms and concepts common to all 12 capabilities. Volume 2 provides details specific to the hardware asset management security capability. The remaining 11 ISCM security capability volumes will provide details specific to each capability but will be organized in a very similar way to Volume 2.

Abstract

Keywords

assessment boundary; assessment method; authorization boundary; automated security control assessment; automation; capability; continuous diagnostics and mitigation; information security continuous monitoring; dashboard; defect; defect check; desired state specification; ISCM dashboard; mitigation; ongoing assessment; root cause analysis; security automation; security capability; security control; security control assessment; assessment; actual state; security control item
Control Families

Audit and Accountability; Assessment, Authorization and Monitoring; Risk Assessment

Documentation

Publication:
Draft NISTIR 8011 Vol. 1: Overview

Supplemental Material:
None available

Other Parts of this Publication:
NISTIR 8011 Vol. 2 (Draft)

Document History:
02/02/16: NISTIR 8011 Vol. 1 (Draft)
06/06/17: NISTIR 8011 Vol. 1 (Final)