The National Institute of Standards and Technology has released a second draft of Special Publication 800-39, titled “Managing Risk from Information Systems: An Organizational Perspective,” for public comment.
NIST calls the document the flagship publication in the standards and guidelines it is developing under the Federal Information Security Management Act. It provides a framework for managing the risk to organizational operations and assets, individuals, other organizations, and the nation resulting from the use of information systems. It builds on a foundation of best security practices for agency leaders, chief information officers, information system designers, developers and administrators, auditors, and inspectors general.
The current version of the document contains significant changes based on feedback on the first draft, released last fall. Comments on the current draft are being accepted at firstname.lastname@example.org until April 30.
If you have an opinion about this now is the time to speak.