USA: NIST Discussion Draft of New Risk Management Framework for Information Systems + Organizations

On 28 September 2017, the US National Institute of Standards and Technology (NIST) released a discussion draft of new Guidelines on applying the Risk Management Framework to information systems and organizations. The Risk Management Framework integrates security and privacy controls into the system development life cycle and establishes responsibility and accountability for the security and privacy controls.

The discussion draft addresses four major objectives:

  • "To provide closer linkage and communication between the risk management processes and activities at the C-suite level of the organization and the processes and activities at the system and operational level of the organization.
  • To institutionalize critical enterprise-wide risk management preparatory activities to facilitate a more efficient and cost-effective execution of the Risk Management Framework at the system and operational level.
  • To demonstrate how the Cybersecurity Framework can be implemented using the established NIST risk management processes (i.e., developing a Federal use case).
  • To provide an integration of privacy concepts into the Risk Management Framework and support the use of the consolidated security and privacy control catalog in NIST Special Publication 800-53, Revision 5."

NIST, "Risk Management Framework for Information Systems and Organizations: A System Life Cycle Approach for Security and Privacy" (Discussion Draft)

Draft NIST Special Publication 800-37 Revision 2 (Discussion Draft)

Ross, "Why Security and Privacy Matter in a Digital World", NIST Blog, 28 September 2017

Verlag Dr. Otto Schmidt vom 05.12.2017 15:09

zurück zur vorherigen Seite