Industry:Draft NIST SP 800-53 Revision 3
ACTIVITY IDENTIFICATION | |
---|---|
Activity Name | Draft NIST SP 800-53 Revision 3 |
Short Description | Provide response to "Draft NIST Special Publication 800-53 (Revision 3) Recommended Security Controls for Federal Information Systems and Organizations" |
Related Projects | None |
Email Contacts & Roles | Primary: Rex Booth; Secondary: David Campbell; Mailing list: Please use the Industry Committee list |
ACTIVITY SPECIFICS | |
---|---|
Objectives | |
Deadlines | |
Status | |
Resources | Call for responses, 5 Feb 2009; submit comments to sec-cert(at)nist.gov |
Review plan
The plan is:
- 3/9: Project kickoff
- 3/9 - 3/16: Perform Stage 1 review
- 3/16: Status meeting
- 3/16 - 3/23: Perform Stage 2 review
- 3/23: Status meeting
- 3/23 - 3/25: Stage 3 activities
- 3/25: Compile comments
- 3/26: Submit comments to NIST
Our review is being undertaken in three stages:
Stage 1
Activities: All participants perform a high-level, document-wide review to develop a familiarity with the document. Reviewers should note where rev 3 has introduced changes and where OWASP has the greatest potential for impact. Comment development is not required for this stage, but comments are a welcome side effect.
Results: By the first status meeting, each participant should have three lists: 1) noted updates within the document; 2) areas of the document most closely related to OWASP interests; 3) initial draft comments (if appropriate).
Stage 2
Activities: Participants will be asked to perform a focused review on the sections of the document identified in Stage 1 as most relevant to OWASP. These "target sections" may be divided among project participants depending on project population and the number of target sections.
Results: By the second status meeting, each participant should develop a refined and detailed list of comments for their assigned sections.
Stage 3
Activities: Participants will revise comments as needed and project management will consolidate and format comments for submission to NIST.
Results: A final list of comments for submission to NIST.
Submission Response
Latest first
Final version
TBC
Identified Sections
The following parts have been identified for review:
(Section # / Page #) 3.3 / 20, AC-02, AC-03, AC-1 / F-3, AC-11 / F-10, AC-14 / F-11, AC-7 / F-8, AC-9 / F-9, AT-1, AT-3, AU-02, AU-3 / F-21, AU-3 / F-21, CM-7 / F-38, CM-8, I-0 / I-1, MA-1, MA-6, RA-5 / F-83, SC-18 / F-100, SC-2 / F-91, SC-25 / F-103, SC-19, SI-10 / F-114, SI-11 / F-113, SI-12 / F-113, SI-3, SI-3 / F-107