The NIST Risk Management Framework (RMF) Team has released the initial public draft (ipd) of NIST Interagency Report (IR) 8011v1r1 (Volume 1, Revision 1), Testable Controls and Security Capabilities for Continuous Monitoring: Volume 1 — Overview and Methodology. This represents a major revision of the first and key volume in the multi-volume series.
IR 8011 provides a methodology for identifying testable controls from the Special Publication (SP) 800-53 control catalog that share common defense objectives in support of information security continuous monitoring. Volume 1 introduces key terminology and foundational concepts, describes the methodology, discusses conceptual operational considerations for a potential IR 8011 implementation, and identifies sample automatable control tests.
The public comment period is open through Friday, April 4, 2025. See the publication details for a copy of the draft and instructions for submitting comments.