Government Information Security Podcast
Ron Ross, NIST's Infosec Guru, on the Institute's Latest Transformational Guidance
- Author: Various
- Narrator: Various
- Publisher: Podcast
Information:
Synopsis
The National Institute of Standards and Technology characterizes its new guidance released this past week as transformational, and no one can speak more authoritatively about it than Ron Ross, NIST's highly regarded senior computer scientist, information security researcher and FISMA implementation project leader who co-authored the guide. Special Publication 800-37, Revision 1, Guide for Applying the Risk Management Framework to Federal Information Systems: A Security Life Cycle Approach, encourages continual system authorization by implementing robust continuous monitoring processes. Why is this revision of SP 800-37 significant? Here's Ross' response: "There are a lot of reasons; I think the obvious one that everybody is talking about are its continuous monitoring aspects. This really reflects the significant uptake in the threats and the type of attacks that we've seen grow almost exponentially over the past couple of years. The adversaries are launching more attacks; they're more sophisticated, and we