NIST Logo and ITL Banner Link to the NIST Homepage Link to the ITL Homepage Link to the NIST Homepage
Search CSRC:

FISMA NEWS

Special Publication 800-53 Revision 4
Security and Privacy Controls for Federal Information Systems and Organizations (Final)
(April 2013)
To view the full announcement of document release.

Updated FISMA Publication Schedule Posted
August 21, 2012
 
The NIST FISMA Implementation Project has updated its publications schedule. The schedule (dated August 20, 2012) can be downloaded at: http://csrc.nist.gov/groups/SMA/fisma/schedule.html.

The modified schedule accounts for the recent changes in publication priorities for SP 800-30, Revision 1 and SP 800-53, Revision 4. The changes also affect the publication schedule for SP 800-53A, Revision 2.

You will note that:

SP 800-30, Revision 1: Guide for Conducting Risk Assessments

  • Publication refocused to address only risk assessments.
  • Publication developed as part of the Joint Task Force Transformation Initiative (DOD, ODNI, CNSS, and NIST).
  • Publication priority changed due to request from JTF partners, releasing the publication three months earlier than originally scheduled.

SP 800-53, Revision 4: Recommended Security and Privacy Controls for Federal Information Systems and Organizations

  • Publication developed as part of the Joint Task Force Transformation Initiative (DOD, ODNI, CNSS, and NIST).
  • Publication priority changed due to request from JTF partners, delaying publication until after the release on SP 800-30, Revision 1.
  • Publication may be finalized in November 2012 (eliminating FPD), pending final decision by JTF partners.

SP 800-53A, Revision 2: Guide for Assessing the Security and Privacy Controls in Federal Information Systems and Organizations

  • Publication developed as part of the Joint Task Force Transformation Initiative (DOD, ODNI, CNSS, and NIST).
  • Publication schedule will be adjusted if SP 800-53, Revision 4, is published (final) in November.

Article by Dr. Ron Ross, What Continuous Monitoring Really Means, posted July 24, 2012 in FedTech magazine



Special Publication 800-39
Managing Information Security Risk: Organization, Mission, and Information System View

(March 2011)


NIST Seeks Input for Planned 2011 Update of Security Control Catalog For Federal Information Systems and Organizations (Special Publication 800-53)
(February 24, 2011)

On-line Course Available: "Applying the Risk Management Framework to Federal Information Systems"
(June 29, 2010
See full announcement on CSRC News page.

Special Publication 800-53 Rev 3 database updated
(June 2010)

NIST Releases Special Publication 800-53A, Revision 1,
Guide for Assessing the Security Controls in Federal Information Systems and Organizations

(June 2010)
See full announcement on CSRC News page.

NIST releases FAQ on Continuous Monitoring
(June 2010)

NIST Special Publication 800-53 Revision 3
Recommended Security Controls for Federal Information Systems and Organizations

updated May 1, 2010 - see errata page for update, see CSRC news for detail
(July 2009)

NIST Special Publication 800-37 Revision 1
Guide for Applying the Risk Management Framework to Federal Information Systems: A Security Life Cycle Approach

(February 2010)

DRAFT NIST IR 7328
Security Assessment Provider Requirements and Customer Responsibilities: Building a Security Assessment Credentialing Program for Federal Information Systems

(September 2007)

Presentation from the GCN Webinar on FISMA Implementation

Presentation from the FISMA Security Seminar
   Black and white for printing

Status of NIST Special Publication 800-26

Presentation from the Automated Security Tools Conference
       Black & White for printing

Submit comments and suggestions to:
sec-cert@nist.gov