800-37 has been in release for a while, providing the basis for the C&A
process. My understanding is that C&A is evolving (and going the way of
the dinosaur) very soon as NIST works with CNSS/JTF on the next big
thing. I'm blanking on the rest of the details (not my space), but
pinging Mike Smith (@rybolov) or Dan Philpott (@danphilpott) on Twitter
would likely be a good starting point.

On 2/3/10 1:12 PM, McGovern, James F. (eBusiness) wrote:
> NIST has created a draft document entitled: Guide for applying risk 
> management framework to federal information systems: a security 
> lifecycle approach. Curious to know if anyone has identified gaps,
> differences in opinion, etc., between NIST and how either SAMM or
> BSIMM would define the same?
> 
> _______________________________________________ Secure Coding mailing
> list (SC-L) SC-L@securecoding.org List information, subscriptions,
> etc - http://krvw.com/mailman/listinfo/sc-l List charter available at
> - http://www.securecoding.org/list/charter.php SC-L is hosted and
> moderated by KRvW Associates, LLC (http://www.KRvW.com) as a free,
> non-commercial service to the software security community. 
> _______________________________________________

-- 
Benjamin Tomhave, MS, CISSP
tomh...@secureconsulting.net
Blog: http://www.secureconsulting.net/
Twitter: http://twitter.com/falconsview
LI: http://www.linkedin.com/in/btomhave

[ Random Quote: ]
"Opportunity is missed by most people because it is dressed in overalls
and looks like work."
Thomas A. Edison