Date Published: January 2012
Comments Due: February 17, 2012 (public comment period is CLOSED)
Email Questions to:
fe-comments@nist.gov
Planning Note (11/02/2022):
NIST has discontinued additional development of this document, which is provided here in its entirety for historical purposes.
NIST announces the public comment release of Draft NIST Interagency Report (NISTIR) 7800, Applying the Continuous Monitoring Technical Reference Model to the Asset, Configuration, and Vulnerability Management Domains. This publication binds together the Continuous Monitoring workflows and capabilities described in NIST IR 7799 to specific data domains. It focuses on the Asset Management, Configuration and Vulnerability data domains. It leverages the Security Content Automation Protocol (SCAP) version 1.2 for configuration and vulnerability scan content, and it dictates reporting results in an SCAP-compliant format. This specification describes an overview of the approach to each of the three domains, how they bind to specific communication protocols, and how those protocols interact. It then defines the specific requirements levied upon the various capabilities of the subsystems defined in NIST IR 7799 that enable each data domain.
Audit and Accountability; Assessment, Authorization and Monitoring; Configuration Management; Incident Response; Maintenance; Risk Assessment; System and Communications Protection
Publication:
Draft NISTIR 7800 (pdf)
Supplemental Material:
None available
Related NIST Publications:
Document History:
01/20/12: IR 7800 (Draft)
audit & accountability, continuous monitoring, incident response, maintenance, security automation, threats, vulnerability management
Laws and RegulationsFederal Information Security Modernization Act, OMB Circular A-130