Pre-Draft Call for Comments | Information Security Handbook: A Guide for Managers

NIST plans to update Special Publication (SP) 800-100, Information Security Handbook: A Guide for Managers, and is issuing a Pre-Draft Call for Comments to solicit feedback from users. The public comment period is open through February 23, 2024.


Since SP 800-100 was published in October of 2006, NIST has developed new frameworks for cybersecurity and risk management and released major updates to critical resources and references. This revision would focus the document’s scope for the intended audience and ensure alignment with other NIST guidance. Before revising, NIST would like to invite users and stakeholders to suggest changes that would improve the document’s effectiveness, relevance, and general use with regard to cybersecurity governance and the intersections between various organizational roles and information security.


NIST welcomes feedback and input on any aspect of SP 800-100 and additionally proposes a list of non-exhaustive questions and topics for consideration:


What role do you fill in your organization?
How have you used or referenced SP 800-100?
What specific topics in SP 800-100 are most useful to you?
What challenges have you faced in applying the guidance in SP 800-100?
Is the document’s current level of specificity appropriate, too detailed, or too general? If the level of specificity is not appropriate, why?
How can NIST improve the alignment between SP 800-100 and other frameworks and publications?
What new cybersecurity capabilities, challenges, or topics should be addressed?
What current topics or sections in the document are out of scope, no longer relevant, or better addressed elsewhere?
Are there other substantive suggestions that would improve the document?
Specific topics to consider for revision or improvement:
Cybersecurity governance
Role of information security in the software development life cycle (e.g., agile development)
Contin ..
