NIST Interagency Report (IR) 8011, Automation Support for Security Control Assessments, provides guidance on automating the assessment of controls that can be tested. This series of technical publications, based on NIST Special Publication (SP) 800-53 controls and SP 800-53A control assessment procedures, is organized into multiple volumes, each dedicated to addressing a specific security capability (security capabilities are groups of controls that support a common purpose). Previously published volumes, which were based on SP 800-53, Revision 4, are being revised. New volumes covering additional security capabilities are being developed.
The NIST Risk Management Framework (RMF) team seeks feedback from individuals and organizations who have used our guidance for supporting automated security control assessments. We would like to better understand the use of the IR 8011 series by adopters, success stories, what adopters liked/disliked about the methodology and about the series overall, the challenges (if any) adopters faced during implementation, and how we can improve the entire series – from the proposed methodology to ways to facilitate its adoption.
Feedback can be sent via email to the following address: 8011comments [at] list.nist.gov.
We are looking specifically for information such as:
Adoption Status (e.g., used guidance in the past; currently use; planning to use).
How the IR 8011 Series is Being Used – and by Whom (e.g., applied guidance in-house [i.e., for internal operations] or developed a solution that can be used by ot ..
Support the originator by clicking the read the rest link below.
