“DISA has no intent to continue funding the effort after.
In an email received from DISA, the SCC development team was informed that: *** BLUF: Development of and support for the SCAP Compliance Checker (SCC) software will end 30 September 2022 unless a new source of funding is identified and funding is received. *** This email has been sent BCC to all SCC registered end users (2,200+ from 240+ agencies) *** NIST SP 800-37 Rev 1: This document describes the NIST Risk Management Framework. 4: A compliance assessment guide for 800-53. For organizations adopting the NIST Risk Management Framework (800-37), this document is relevant. While 800-171 takes a lot from from 800-53, the controls in 800-53 are not required for 800-171 compliance. Summary: The parent document of 800-171, this is the far more detailed SP that governs federal information systems (not contractor). NIST SP 800-171A: A Compliance Assessment Guide that gives an idea of what auditors are looking for.
NIST HB 162: A Self Assessment Handbook that asks pertinent questions and provides insight. This is the primary publication you will see discussed here. Summary: As required by DFARS, defense contractors are required to become compliant with the controls of NIST SP 800-171. r/CMMC THE SPECIAL PUBLICATIONS NIST SP 800-171 A reddit community for navigating the complicated world of NIST Publications and Controls.
0 kommentar(er)
