NIST Unveils Continuous Monitoring Draft Guidance

Feb. 17 Deadline for Public Comments on 3 Interagency Reports
NIST Unveils Continuous Monitoring Draft Guidance
The National Institute of Standards and Technology is seeking public comment on three interagency reports that provide guidance on the continuous monitoring for security vulnerabilities of information systems. They are:

According to NIST:

IR 7756

IR 7756 presents an enterprise continuous monitoring technical reference architecture that extends the framework provided by the Department of Homeland Security's CAESARS architecture. The goal is to facilitate enterprise continuous monitoring by presenting a reference architecture that allows organizations to aggregate collected data from across a diverse set of security tools, analyze that data, perform scoring, enable user queries and provide overall situational awareness. The model design is focused on allowing organizations to realize this capability by leveraging their existing security tools and thus avoiding complicated and resource intensive custom tool integration efforts.

IR 7799

IR 7799 provides the technical specifications for the continuous monitoring reference model presented in IR 7756. These specifications allow multi-instance continuous monitoring implementations, hierarchical tiers, multi-instance dynamic querying, sensor tasking, propagation of policy, policy monitoring and policy compliance reporting.

A major focus of the specifications is on workflows that describe the coordinated operation of all subsystems and components within the model. Another focus is on subsystem specifications that enable each subsystem to play its role within the workflows. The final focus is on interface specifications that supply communication paths between subsystems. These three sets of specifications - workflows, subsystems and interfaces - are written to be data domain agnostic, which means that they can be used for continuous monitoring regardless of the data domain that is being monitored.

IR 7800

IR 7800 binds together the continuous monitoring workflows and capabilities described in IR 7799 to specific data domains, focusing on the asset management, configuration and vulnerability data domains. It leverages the Security Content Automation Protocol version 1.2 for configuration and vulnerability scan content, and it dictates reporting results in an SCAP-compliant format. This specification describes an overview of the approach to each of the three domains, how they bind to specific communication protocols, and how those protocols interact. It defines the specific requirements levied upon the various capabilities of the subsystems defined in NIST IR 7799 that enable each data domain.

NIST requests comments on the draft guidance be submitted to fe-comments@nist.gov by Feb. 17.


About the Author

Information Security Media Group

Information Security Media Group (ISMG) is the world's largest media company devoted to information security and risk management. Each of its 28 media sites provides relevant education, research and news that is specifically tailored to key vertical sectors including banking, healthcare and the public sector; geographies from the North America to Southeast Asia; and topics such as data breach prevention, cyber risk assessment and fraud. Its yearly global Summit series connects senior security professionals with industry thought leaders to find actionable solutions for pressing cybersecurity challenges.




Around the Network