OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

soa-rm-ra message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: RE: [soa-rm-ra] NIST Risk Management Framework

After giving the document a quick scan, it is targeted towards project security compliance through organizational roles and procedures but does not really get into the IT implementation of security.  The RAF for SOA is more about what the IT technology needs to accomplish for secure interactions.




From: Ken Laskey [mailto:klaskey@mitre.org]
Sent: Thursday, November 19, 2009 4:33 PM
To: soa-rm-ra@lists.oasis-open.org RA
Subject: [soa-rm-ra] NIST Risk Management Framework


I was plugging the RAF during class this week and I got asked to look at the document described below.  I have not looked at it in any detail but I thought I'd pass it along as something that seems very relevant.




Begin forwarded message:

, please take a look at the publically available draft of NIST SP 800-37, Guide for Applying the Risk Management Framework to Federal Information Systems: A Security Life Cycle Approach which can be found at   http://csrc.nist.gov/publications/PubsDrafts.html. We have made an effort to address net-centric architectures more explicitly than in the past and would very much welcome your feedback.



Ken Laskey

MITRE Corporation, M/S H305      phone: 703-983-7934

7515 Colshire Drive                         fax:       703-983-1379

McLean VA 22102-7508





[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]