In 2017, the National Institute of Standards and Technology (NIST) published a methodology for supporting the automation of Special Publication (SP) 800-53 control assessments in the form of Interagency Report (IR) 8011. IR 8011 is a multi-volume series that starts with an overview of the methodology (volume 1) and provides guidance and specifications for automating the assessment of controls that support specific information security continuous monitoring security capabilities, one volume per capability. Four volumes have been released so far, and more volumes are in development. In 2023, the NIST Risk Management Framework project — responsible for the development and maintenance of Federal Information Security Modernization Act (FISMA)-supporting technical publications and the IR 8011 series — performed an internal review of the IR 8011 project. This review yielded results that offered the IR 8011 Development Team opportunities to improve the current IR 8011 methodology, facilitate its adoption, and more. This cybersecurity white paper summarizes some of the findings from this internal review.