
NIST to develop credentials for FISMA consultants

By Mary Mosquera
Published on November 30, 2007


The National Institute of Standards and Technology has begun a project to develop a set of security credentials for organizations that provide security assessment services.

The credentials build on NIST's security and risk management guidance for implementing the Federal Information Security Management Act.

Agencies typically hire contractors to help them certify and accredit their systems to meet FISMA requirements. As agencies move to a risk management approach, it is important that they be confident that the contractors they hire can adequately provide those services, said Ron Ross, NIST senior computer scientist.

“In essence, we’re going to be credentialing organizations to demonstrate their competence in applying everything that you see in NIST’s Risk Management Framework,” he said at an information assurance conference sponsored by Guidance Software on Nov. 29.

On Sept. 29, NIST released a draft document outlining the requirements for providers and the responsibilities of customers under the program, which Ross calls FISMA II.

NIST has developed standards and guidelines to move agencies toward a dynamic, risk management approach to FISMA, highlighted by continuous monitoring of security controls. The goal is to move away from what has been a paper exercise that documents an agency’s security state based on a snapshot in time.

In addition, NIST, the Office of the Director of National Intelligence and the Defense Department are working on converging security standards across government to encourage trust in each other’s systems and information sharing.

Beyond setting a bar for security assessors, NIST wants to develop a stronger and more competent cybersecurity workforce. NIST is developing a set of training modules, one for each of the standards and guidelines in its FISMA series, with the first module anticipated for next spring, Ross said.

Each module will include frequently asked questions; a crib sheet version of the fundamentals, such as how to do security categorization or tailor security controls; and a detailed, comprehensive guide to the standard. Ross hopes to link the training program to the Information System Security Line of Business.

“These training modules will be developed at government expense, offer classes free of charge in the first couple of cycles to get the students and to give us feedback on how the training modules really are,” Ross said. After NIST makes some revisions to the modules, it will make them available to the public and private sectors.
