The Inner Circle


SP 800-137A, Assessing Information Security Continuous Monitoring (ISCM) Programs: Developing an ISCM Program Assessment 202005

  • 1.  SP 800-137A, Assessing Information Security Continuous Monitoring (ISCM) Programs: Developing an ISCM Program Assessment 202005

    Posted May 22, 2020 06:39:00 AM
    Hi All,

    NIST has now published SP 800-137A, Assessing Information Security Continuous Monitoring (ISCM) Programs: Developing an ISCM Program Assessment, which describes an approach to developing program assessments to evaluate ISCM programs established in accordance with NIST SP 800-137. An ISCM program assessment provides organizational leadership with information on the effectiveness and completeness of the organization's ISCM program, including a review of ISCM strategies, policies, procedures, and operations. An ISCM program assessment developed under the guidance in SP 800-137A evaluates the ISCM program itself (i.e., the structure and governance of the ISCM program) rather than the results of the ISCM program or the continuous monitoring technologies used. Creating, adopting, or using an ISCM program assessment can help reduce the overall risk to organizations by identifying gaps in an ISCM program, in the implementation of an ISCM program, or in the operational use of ISCM results. The ISCM assessment approach can be used as presented or as the starting point for an organization-specific methodology. It includes an ISCM Program Assessment Element Catalog with example evaluation criteria and assessment procedures that can be applied to organizations.

    To enhance usability, the ISCM Program Assessment Catalog is provided as a separate MS Excel file. See the publication details for a link to the publication and catalog.



    ------------------------------
    Michael Roza CPA, CISA, CIA
    ------------------------------


  • 2.  RE: SP 800-137A, Assessing Information Security Continuous Monitoring (ISCM) Programs: Developing an ISCM Program Assessment 202005

    Posted May 26, 2020 08:53:00 AM
    Are there any recommended, well-known automated tools that can help with the execution of NIST SP 800-137A?

    ------------------------------
    Rodney Daniels
    CISO
    OIG
    ------------------------------