
CHIPS Articles: NIST Releases Example Implementation Tool for An Information Security Continuous Monitoring Program Assessment

By CHIPS Magazine - April 6, 2021
Information security continuous monitoring (ISCM) programs provide an understanding of risk tolerance and help officials set priorities and consistently manage information security risk throughout the organization, according to a National Institute of Standards and Technology announcement.

NISTIR 8212, An Information Security Continuous Monitoring Program Assessment(1), provides an operational approach to the assessment of an organization’s ISCM program using ISCMAx – a free, publicly available working implementation of the ISCM program assessment described in NIST SP 800-137A(2). NISTIR 8212 provides instructions for using ISCMAx and guidance for tailoring the ISCMAx tool, if required. ISCMAx is an example implementation to facilitate making, collecting, and consolidating ISCM Program Assessment Judgements, as well as recording and reporting scores and data for analysis and action, NIST said.

The ISCMAx tool is a macro-enabled Microsoft Excel application that runs on Windows-based systems only. ISCMAx is not intended to be a production-level product. Download ISCMAx and NISTIR 8212 from the publication details below.

References:

Please send Questions/Comments regarding NISTIR 8212 to sec-cert@nist.gov


CHIPS is an official U.S. Navy website sponsored by the Department of the Navy (DON) Chief Information Officer, the Department of Defense Enterprise Software Initiative (ESI) and the DON's ESI Software Product Manager Team at Space and Naval Warfare Systems Center Pacific.

Online ISSN 2154-1779; Print ISSN 1047-9988