A colleague of mine sent over this article about NIST updating their recommendations (http://csrc.nist.gov/publications/drafts/800-53/800-53-rev3-IPD.pdf) for IT Security controls and I have a couple of quick thoughts on it..
Risks and threats are always evolving and I for one like to see our Government departments involved in this showing more leadership here. IMO we have too many disparate sets of standards and regulations which obviously increases the confusion and workload of companies striving to comply. Moving toward an updated more cohesive set of standards / regulations is badly needed and really.. overdue. I sure would like to see more prescriptive documentation and even technology recommendations from these governing bodies. I understand the desire to be agnostic about technology solutions but at the same time you can really help folks kick start their projects and initiatives more quickly and efficiently by reviewing actual technology recommendations.
Any comments / thoughts on this out there?