The following statement is being issued by the Center for Regulatory Effectiveness:
A little-known agency in the Department of Commerce, NIST is working on an issue of critical importance: developing standards to protect the federal information technology infrastructure from cyber-attacks, as required by FISMA (Federal Information Security Management Act).
The Center for Regulatory Effectiveness emphasizes that if pending legislation were enacted, the FISMA standards could be mandated on some private sector information systems, including those dealing with water supply, transportation, financial, and nuclear control systems. For this reason, it is imperative that NIST make the comments it receives available to the public.
Finally, the gold standard for continuous monitoring is monitoring done in real time, a needed step which NIST should take.
CERT Urges NIST to Adopt Real-Time Continuous Monitoring for Federal Cyber Security Operations
March 15, 2011