• NIST provides many procedures and much guidance on IT and information security-related topics.
  • Assess if NIST is too large and attempts to cover too many topics. Decide if NIST should separate into different entities for different major areas, such as IT governance, risk management, information security, and others.
  • Assess if the various NIST documents covering risk management topics and concepts are too spread out and should be more consolidated to provide better guidance to organizations when they are establishing risk management programs.”FISMA and NIST” Please respond to the following:
• From the e-Activity, describe the main elements of FISMA in the management and governance of federal information systems.
• From the e-Activity, examine how FISMA and NIST work together to provide guidance and direction to organizations and agencies.

e-activity   http://csrc.nist.gov/groups/SMA/fisma/index.html