[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: RE: [soa-rm-ra] NIST Risk Management Framework
|
After giving the document a quick scan, it is targeted towards project
security compliance through organizational roles and procedures but does not really
get into the IT implementation of security. The RAF for SOA is more about what
the IT technology needs to accomplish for secure interactions. Danny From: Ken Laskey
[mailto:klaskey@mitre.org] I was plugging the RAF during class this week and I got
asked to look at the document described below. I have not looked at it in
any detail but I thought I'd pass it along as something that seems very
relevant. Ken Begin forwarded message:
, please take a look at the
publically available draft of NIST SP 800-37, Guide for
Applying the Risk Management Framework to Federal Information Systems: A
Security Life Cycle Approach which can be found at http://csrc.nist.gov/publications/PubsDrafts.html.
We have made an effort to address net-centric architectures more explicitly
than in the past and would very much welcome your feedback. ----------------------------------------------------------------------------- Ken Laskey MITRE Corporation, M/S H305 phone: 703-983-7934 7515 Colshire Drive
fax:
703-983-1379 McLean VA 22102-7508
|
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]