NIST puts its security guidelines in one basket



By William Jackson
GCN Staff
05/07/07 issue

The National Institute of Standards and Technology has released a 
database to help agencies collect data needed to assess information 
technology security programs and produce reports for action plans.

The Program Review for Information Security Management Assistance 
database, which can be downloaded at, is part of PRISMA, 
a tool NIST developed for reviewing the complex information security 
requirements and posture of federal information security programs. It 
brings together guidelines from NIST publications, federal standards, 
best practices and requirements in the Federal Information Security 
Management Act.

PRISMA provides a framework for an independent, in-house review of the 
maturity of an agency’s information security program. It requires 
documentation of security policies, procedures and implemented controls.

It also requires a review of the agency’s organizational structure, 
culture and business mission. After the assessment, the PRISMA team 
identifies problems and develops a weighted list of corrective actions.

The PRISMA framework was released in January in NIST Interagency Report 
7358. The database, which is in Microsoft Access 2003 and can help 
generate a report in Microsoft Word, was made available in April.

If you are having trouble finding guidelines or standards for your IT 
security assessment, NIST also has released a “Guide to NIST Computer 
Security Documents,” a PDF that indexes the more than 250 publications 
the NIST Computer Security Division issues.
