http://www.gcn.com/online/vol1_no1/46698-1.html

By William Jackson
GCN.com
07/22/08

The National Institute of Standards and Technology has released a revised version of guidelines for developing metrics to ensure that agencies meet information technology security requirements.

Special Publication 800-55, Revision 1 [1], titled "Performance Measurement Guide for Information Security," is intended to assist agencies in developing, selecting and implementing security measures used at the IT system and program levels. It uses security controls identified in NIST SP 800-53, "Recommended Security Controls for Federal Information Systems," as a basis for developing metrics that support the evaluation of IT security programs.

The original version of SP 800-55 was published in 2003.

Requirements for securing and evaluating IT systems are included in a number of laws, including the Clinger-Cohen Act, the Government Performance and Results Act, the Government Paperwork Elimination Act and the Federal Information Security Management Act. However, the laws do not specify how agencies are to conduct the evaluations, so the NIST document provides the necessary guidance.

[1] http://csrc.nist.gov/publications/nistpubs/800-55-Rev1/SP800-55-rev1.pdf

[...]

Received on Wed Jul 23 2008 - 00:38:57 PDT