The Government Accountability Office has released draft guidance on cybersecurity policy for agencies and contractors. The review period runs until September 10, 2015.
The guidance includes 8 major recommendations:
1. US government coordination.
2. US government participation in cybersecurity standards development.
3. Development of timely and technically sound standards and assessment.
4. Government and commercial collaboration in standards development.
5. Improving international coordination and information sharing.
6. Supporting and expanding standards training for federal agency staff.
7. Developing cybersecurity standards that minimize privacy risk.
8. Using relevant international standards where possible.
NIST Special Publication 800-37, Guide for Applying the Risk Management Framework to Federal Information Systems: A Security Life Cycle Approach, 2010.
GAO, CYBERSECURITY Actions Needed to Address Challenges Facing Federal Systems