ABSTRACT
Program Review for Information Security Management Assistance (PRISMA) is a NIST cyber security maturity model that stemmed from the National Institute of Standards and Technology (NIST) Computer Security Expert Assist Team. Both of these concepts were based on a holistic analysis of a cyber security program and portray the results in the NIST five-level security maturity model of policy, procedures, implementation, testing, and integration. PRISMA incorporated the 17 management, operational, and technical control families from NIST SP 800-53, as well as FIPS 199 and 200 and other topics such as critical infrastructure protection, into 9 topical areas. System 1 was one of the principal authors of the concept, piloted its implementation, and was key to the development of NISTIR-7358 and the accompanying PRISMA database. The objectives of PRISMA include:
• Assisting organizations in improving security/protection of federal information and Information Technology (IT) systems
• Helping reduce disruption of critical federal operations and assets
• Providing supporting information for the FISMA scorecard and report
• Establishing a security program baseline to measure future improvement following key personnel or organizational changes
Supplemental Material
Slide presentation for "NIST program review for information security management assistance (PRISMA) enhancement"