[ISN] CAG plays complementary role on security

From: InfoSec News <alerts_at_private>
Date: Mon, 9 Mar 2009 10:53:53 -0600 (CST)
http://gcn.com/articles/2009/03/09/update1-cag-security-controls.aspx

By William Jackson
GCN.com
Mar 09, 2009

The information technology security controls recently released as the 
Consensus Audit Guidelines are not intended to replace guidance for 
complying with federal IT security requirements. But they could 
complement those efforts by supplying a prioritized baseline of 
controls.

The National Institute of Standards and Technology, charged with 
developing standards and guidelines for complying with the Federal 
Information Security Management Act (FISMA), has produced a 
comprehensive set of recommended security controls that covers much of 
the same territory as CAG, which was developed by a group of government 
and private-sector organizations.

"We included many of the same control elements addressed in the CAG 
initiative," said Ron Ross, a senior computer scientist at NIST.

NIST recently released for review its first major update of the 
guidelines, Special Publication 800-53, titled "Recommended Security 
Controls for Federal Information Systems and Organizations." When the 
public review for SP 800-53 ends March 27, the two documents could be 
more closely aligned.

[...]


_______________________________________________      
Best Selling Security Books and More!
http://www.shopinfosecnews.org/
Received on Mon Mar 09 2009 - 09:53:53 PDT

This archive was generated by hypermail 2.2.0 : Mon Mar 09 2009 - 09:56:17 PDT