Who Creates and/or Manages the NIST 800?
NIST 800 is a well-thought-out set of federal security standards that the DoD and the Intel world are moving to. It aligns with International Organization for Standardization (ISO) and International Electrotechnical Commission (IEC) 27001:2005, Information Security Management System (ISMS).
NIST 800 is updated and revised by the following organizations:
- Joint Task Force Transformation Initiative Interagency (JTFTI) Working Group
- National Institute of Standards and Technology (NIST)
JTFTI is made up of representatives from the Civil, Defense, and Intelligence Communities. This working group reviews and updates the following documents:
- NIST Special Publication 800-37, Revision 1, Guide for Applying the Risk Management Framework to Federal Information Systems: A Security Life Cycle Approach
- NIST Special Publication 800-39, Enterprise-Wide Risk Management: Organization, Mission, and Information Systems View
- NIST Special Publication 800-53, Revision 3, Recommended Security Controls for Federal Information Systems and Organizations
- NIST Special Publication 800-53A, Revision 1, Guide for Assessing the Security Controls in Federal Information Systems and Organizations: Building Effective Assessment Plans
These core documents are a standard on how to implement FISMA. The organization has done a good job of keeping NIST 800 in line with the international standards of ISO 27001. The JTFTI is made up of ODNI, DoD, and CNSS. This document is also publicly vetted.
Office of the Director of National Intelligence (ODNI)
The DNI is a position required by the Intelligence Reform and Terrorism Prevention Act of 2004. This office serves as adviser to the President, Homeland Security and National Security Council, as well as director of National Intelligence.
Department of Defense (DoD)
DoD is composed of (but not limited to) the USAF, US Army, DON and Marines. It is the most powerful military organization in recorded history.
Committee on National Security Systems (CNSS)
This committee was created to satisfy National Security Directive 42, “National Policy for the Security of National Security Telecommunications and Information Systems”. The group has representatives from NSA, CIA, FBI, DOD, DOJ, and DIA and is focused on protecting the US critical infrastructure.
Public (review and vetting) – the draft is posted online on NIST.gov
Scadahacker – mappings NIST to International