From GCN:
The National Institute of Standards and Technology has released a database to help agencies collect data needed to assess IT security programs and produce reports for action plans.
The PRISMA database, which can be downloaded at http://prisma.nist.gov, is part of the Program Review for Information Security Management Assistance, a tool developed by NIST for reviewing the complex information security requirements and posture of federal information security programs. It brings together guidelines from NIST publications, federal standards, best practices and requirements in the Federal Information Security Management Act.
PRISMA provides a framework for an independent in-house review of the maturity of an agency’s info security program. It requires documentation of security policies, procedures and implemented controls as well as a review of the agency’s organizational structure, culture and business mission. After the assessment, the PRISMA team identifies issues and develops a weighted list of corrective actions that will provide the greatest improvements in the most cost-effective manner.
Tags: NIST, Assessment Tool, Tools