This NISTIR represents a joint effort between NIST and the Department of Homeland Security to provide an operational approach for automating security control assessments in order to facilitate information security continuous monitoring (ISCM), ongoing assessment, and ongoing security authorizations in a way that is consistent with the NIST Risk Management Framework overall and the guidance in NIST SPs 800-53 and 800-53A in particular.
Please note – this draft NISTIR (8011) has 2 volumes – Volume 1 – Overview, and Volume 2 – Hardware Asset Management. Both volumes can be accessed by going to the CSRC Drafts page – see link above.
Send comments to: firstname.lastname@example.org
Deadline to submit comments: MARCH 18, 2016