https://community.isc2.org/t5/Tech-Talk/The-New-Math-DoD-Estimates-Costs-for-Implementing-NIST-SP-800/m-p/23934#M1403 <P>The Initial Public Draft (IPD) for&nbsp;<EM><A href="https://csrc.nist.gov/publications/detail/sp/800-171b/draft" target="_blank" rel="noopener">NIST Special Publication (SP) 800-171<STRONG>B,</STRONG></A></EM>&nbsp;<EM>Protecting Controlled Unclassified Information in Nonfederal Systems and Organizations: Enhanced Security Requirements for Critical Programs and High Value Assets</EM> was&nbsp;released today.</P><P>&nbsp;</P><P>This standard represents additional security control requirements to protect&nbsp;Controlled Unclassified Information (CUI) in nonfederal systems and organizations when the CUI is part of a critical program or high value asset. Basically, all of the Advanced Persistent Threat (APT) related controls where removed from the original standard and put here.</P><P>&nbsp;</P><P>What makes this call for public comment different is that the DoD has provided a <A href="https://csrc.nist.gov/CSRC/media/Publications/sp/800-171b/draft/documents/sp800-171B-and-dod-cost-estimate-request-for-comments.pdf" target="_blank" rel="noopener">Cost Analysis</A>&nbsp;for implementing the controls. The document is "enlightening" as to how DoD thinks. Network isolation costs are estimated more than the long-term costs of running a Security Operations Center, go figure that one out...</P><P>&nbsp;</P><P>Anyway, this is all about being proactive and shutting down the Defense Industrial Base. Booyah! It remains to be seen whether or not these "estimates" are reasonable and the controls in fact are the best ones to protect CUI from "<STRONG>the APT</STRONG>".</P><P>&nbsp;</P><P>Ps.&nbsp;@<SPAN class="login-bold"><A href="https://community.isc2.org/t5/user/viewprofilepage/user-id/89787937" target="_self">SamanthaO_isc2</A>&nbsp;we really need a "Location" for "Standards" discussions. Can you make that happen? Thanks!</SPAN></P> Mon, 09 Oct 2023 09:14:25 GMT AppDefects 2023-10-09T09:14:25Z https://community.isc2.org/t5/Tech-Talk/The-New-Math-DoD-Estimates-Costs-for-Implementing-NIST-SP-800/m-p/23934#M1403 <P>The Initial Public Draft (IPD) for&nbsp;<EM><A href="https://csrc.nist.gov/publications/detail/sp/800-171b/draft" target="_blank" rel="noopener">NIST Special Publication (SP) 800-171<STRONG>B,</STRONG></A></EM>&nbsp;<EM>Protecting Controlled Unclassified Information in Nonfederal Systems and Organizations: Enhanced Security Requirements for Critical Programs and High Value Assets</EM> was&nbsp;released today.</P><P>&nbsp;</P><P>This standard represents additional security control requirements to protect&nbsp;Controlled Unclassified Information (CUI) in nonfederal systems and organizations when the CUI is part of a critical program or high value asset. Basically, all of the Advanced Persistent Threat (APT) related controls where removed from the original standard and put here.</P><P>&nbsp;</P><P>What makes this call for public comment different is that the DoD has provided a <A href="https://csrc.nist.gov/CSRC/media/Publications/sp/800-171b/draft/documents/sp800-171B-and-dod-cost-estimate-request-for-comments.pdf" target="_blank" rel="noopener">Cost Analysis</A>&nbsp;for implementing the controls. The document is "enlightening" as to how DoD thinks. Network isolation costs are estimated more than the long-term costs of running a Security Operations Center, go figure that one out...</P><P>&nbsp;</P><P>Anyway, this is all about being proactive and shutting down the Defense Industrial Base. Booyah! It remains to be seen whether or not these "estimates" are reasonable and the controls in fact are the best ones to protect CUI from "<STRONG>the APT</STRONG>".</P><P>&nbsp;</P><P>Ps.&nbsp;@<SPAN class="login-bold"><A href="https://community.isc2.org/t5/user/viewprofilepage/user-id/89787937" target="_self">SamanthaO_isc2</A>&nbsp;we really need a "Location" for "Standards" discussions. Can you make that happen? Thanks!</SPAN></P> Mon, 09 Oct 2023 09:14:25 GMT https://community.isc2.org/t5/Tech-Talk/The-New-Math-DoD-Estimates-Costs-for-Implementing-NIST-SP-800/m-p/23934#M1403 AppDefects 2023-10-09T09:14:25Z