By William Jackson
Mar 09, 2009
The information technology security controls recently released as the
Consensus Audit Guidelines are not intended to replace guidance for
complying with federal IT security requirements. But they could
complement those efforts by supplying a prioritized baseline of
The National Institute of Standards and Technology, charged with
developing standards and guidelines for complying with the Federal
Information Security Management Act (FISMA), has produced a
comprehensive set of recommended security controls that covers much of
the same territory as CAG, which was developed by a group of government
and private-sector organizations.
"We included many of the same control elements addressed in the CAG
initiative," said Ron Ross, a senior computer scientist at NIST.
NIST recently released for review its first major update of the
guidelines, Special Publication 800-53, titled "Recommended Security
Controls for Federal Information Systems and Organizations." When the
public review for SP 800-53 ends March 27, the two documents could be
more closely aligned.