*** The following message is from the NIST FISMA Implementation Project ***
June 28, 2010
- On-line Course Available: "Applying the Risk Management Framework to Federal Information Systems"
The purpose of this course is to provide people new to risk management with an overview of a methodology for managing organizational risk—the Risk Management Framework (RMF). The RMF was developed by the National Institute of Standards and Technology (NIST) to help organizations manage risks to and from Information Technology (IT) systems more easily, efficiently and effectively. This course describes at a high level the importance of establishing an organization-wide risk management program, the information security legislation related to organizational risk management, the steps in the RMF, and the NIST publications related to each step. The course is available at http://csrc.nist.gov/groups/SMA/fisma/rmf-training.html. Patricia Toth may be contacted for more information at patricia.toth@nist.gov.
- SP 800-53 Rev 3 database updated
NIST released an update to SP 800-53 Revision 3 Reference Database Application making the database consistent with the May 01, 2010 security control errata changes made to Special Publication 800-53 Revision 3, Recommended Security Controls for Federal Information Systems and Organizations, August 2009 (includes errata updates as of 05-01-2010). See Support Tools, http://csrc.nist.gov/groups/SMA/fisma/support_tools.html. The NIST SP 800-53 database application requires Microsoft Windows 7, Vista, XP, Server 2003, and Server 2008 and will not run under Windows 9x. The application is a self-contained read-only executable and requires at least 200 MB of free disk space. To install it, extract the zip archive in a directory where the user has read, write, and execute permissions. Open the SP_800-53_Rev-3_DB-R1.4.1-BETA directory and double-click the SP_800-53_Rev-3_DB-R1.4.1-BETA.exe file to run the application. For more information please contact Arnold Johnson at Arnold.johnson@nist.gov.
- Cybersecurity and Innovation in the Information Economy – July 27 Symposium
July 27 Stakeholder Meeting Addresses Cybersecurity and Innovation
As part of its initiative to ensure that the Internet continues to spawn growth and innovation, the Department of Commerce will hold a symposium on "Cybersecurity and Innovation in the Information Economy" on July 27, 2010, at the Ronald Reagan Building and International Trade Center in Washington, D.C. The event is designed for all interested stakeholders to participate and comment on the relationship between cybersecurity in the commercial space and innovation in the Internet economy, with particular emphasis on businesses that operate non-critical infrastructure.
Several senior government officials are scheduled to speak, including Commerce Secretary Gary Locke, NIST Director Patrick Gallagher, Commerce General Counsel Cameron Kerry, U.S. Chief Technology Officer Aneesh Chopra and White House Cybersecurity Coordinator Howard Schmidt. Private-sector panelists include Vint Cerf, Google; Larry Clinton, Internet Security Alliance; and James Lewis, Center for Strategic and International Studies. The symposium will place particular emphasis on cybersecurity issues faced by businesses that operate non-critical infrastructure. The agenda currently contemplates panels on "Assessing the Macro-Economic Threat and the Commercial Sector's Response," "Micro-Economic Successes and Challenges in Risk Management," "Effecting Behavioral Change" and "Roles, Responsibilities and the Global Path Forward."
This meeting is part of a review being conducted by the Commerce Department's Internet Policy Task Force, which was launched by Secretary Locke in April. The Task Force is investigating successful cybersecurity strategies, the roles of the private and public sectors in cybersecurity in the commercial arena, and the relationship of cybersecurity policy to consumer welfare, job creation, and international trade. The review is being coordinated with the Office of the Cybersecurity Coordinator, Executive Office of the President.
Task force members include representatives from the National Institute of Standards and Technology, National Telecommunications and Information Administration, and the International Trade Administration.
The event will be held in the Amphitheater of the Ronald Reagan Building, from 8:30 a.m. to 4:30 p.m., and will be open to the public on a first-come, first-served basis. Registration, agenda, and the videotaped proceedings will be available on the NIST web site at www.nist.gov/itl/cybersecurity.cfm.
Additional registration details:
To register for the Cybersecurity and Innovation in the Information Economy meeting, please follow these instructions:
The NIST Conference Registration page is best viewed using either Internet Explorer or Firefox. If you are having problems accessing the Conference Registration page, please make sure that your browser is using TLS 1.0 encryption. To set the encryption mode in Internet Explorer and Firefox: Select Tools, Options, Advanced. Click to check the box "Use TLS 1.0".