From Nextgov:
The first revision to Special Publication 800-37 — “Guide for Applying the Risk Management Framework to Federal Information Systems: A Security Life-Cycle Approach” — will help agencies comply with the 2002 Federal Information Security Management Act, which requires them to identify and take inventories of their IT systems and determine the sensitivity of information stored on those systems. FISMA has long been criticized for focusing too heavily on compliance and not enough on monitoring and testing of computer systems for vulnerabilities.
(Image used under CC from LordSchrammi’s Flickr stream)