June 15, 2007
Guide Addresses Security Testing Efficiency
If you have anything to do at all with security and federal information systems (or even if you don't), you will probably find the National Institute of Standards and Technology's recently released Guide for Assessing the Security Controls in Federal Information Systems: Building Effective Security Assessment Plans interesting, if not useful.
The 387-page publication serves as a guide for assessing the effectiveness of security controls in federal information systems, and its content is expected to be incorporated into automated tools that support the information security programs of federal agencies.
"The assessment requirements presented in this latest draft are intended to make compliance with FISMA easier, more efficient and ultimately to produce better computer and information security for the federal government," noted NIST's FISMA Implementation Project Leader Ron Ross.
One of the changes to the document since the previous draft involves new guidelines for establishing policies, procedures, and responsibilities for those conducting penetration testing.
Posted by Jon Erickson at 10:44 AM