In "New Document Provides Framework for Interagency Data Sharing," Henry Kenyon describes a newly released document that sets common standards for data security and risk management: the NIST Special Publication 800-37, Revision 1, Guide for Applying the Risk Management Framework to Federal Information Systems: A Security Life Cycle Approach (NIST SP 800-37).
Here, Kenyon adds to the story with a bit more information from Roger L. Caslow, chief of the Risk and Information Assurance Program Division, Office of the Associate Director of National Intelligence and Chief Information Officer (ADNI/CIO, IC CIO). "The RMF provides a framework for more effectively managing information system related security risks in highly dynamic environments of complex and sophisticated cyber threats, ever increasing system vulnerabilities, and rapidly changing missions, thereby enhancing our overall cyber security posture," says Caslow.
The document also builds on another document, NIST SP 800-53, which created a unified security control catalog to support the information security requirements of the national security community and the non-national security community. NIST officials say that SP 800-37 completes the transformation of the federal government's traditional certification and accreditation processes for information systems to a near-real-time assessment and authorization capability. Caslow explains that the 800-37 framework, NIST SP 800-53 security controls, and other Joint Task Force Transformation Initiative publications support a common taxonomy across the federal landscape that facilitates more efficient communications between cyber security professionals, program managers, developers, acquisition officials, and senior decision makers.
Caslow says that the intelligence community anticipates that aligned processes and cyber community standardization will provide greater transparency of security and risk-related information and reciprocity of authorization results. "As a result, information sharing across the entire federal community becomes a reality. The Defense Department adoption of Joint Task Force Transformation Initiative publications provides greater protection of our shared cyber fabric through the adoption and implementation of common standards and procedures," he says.