The National Institute of Standards and Technology (NIST) has released the second public draft of NIST Special Publication 800-39, ‘Managing Risk from Information Systems: An Organizational Perspective’, for comment. This is the flagship publication in a series of standards and guidelines developed by NIST that relate to the Federal Information Security Management Act.
Special Publication 800-39 provides a framework for managing the risk arising from the operation and use of information systems and is built upon a common foundation of best security practices. The target audience for this publication includes agency heads, chief information officers, information system designers, developers and administrators, auditors and inspectors general.
The public comment period is from April 7-30, 2008. Comments should be emailed to sec-cert@nist.gov
Download a copy of the publication here (PDF).