Skip to main content
U.S. flag

An official website of the United States government

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

Call for Feedback: NIST IR 8011 Series Adoption

NIST Interagency Report (IR) 8011, Automation Support for Security Control Assessments, provides guidance on automating the assessment of controls that can be tested.

IR 8011 Volume 1

NIST Interagency Report (IR) 8011, Automation Support for Security Control Assessments, provides guidance on automating the assessment of controls that can be tested. This series of technical publications, based on NIST Special Publication (SP) 800-53 controls and SP 800-53A control assessment procedures, is organized into multiple volumes, each dedicated to addressing a specific security capability (security capabilities are groups of controls that support a common purpose). Previously published volumes, which were based on SP 800-53, Revision 4, are being revised. New volumes covering additional security capabilities are being developed. 

The NIST Risk Management Framework (RMF) team seeks feedback from individuals and organizations who have used our guidance for supporting automated security control assessments. We would like to better understand the use of the IR 8011 series by adopters, success stories, what adopters liked/disliked about the methodology and about the series overall, the challenges (if any) adopters faced during implementation, and how we can improve the entire series – from the proposed methodology to ways to facilitate its adoption.

Feedback can be sent via email to the following address: 8011comments [at] list.nist.gov (8011comments[at]list[dot]nist[dot]gov).

We are looking specifically for information such as:

  • Adoption Status (e.g., used guidance in the past; currently use; planning to use).
  • How the IR 8011 Series is Being Used – and by Whom (e.g., applied guidance in-house [i.e., for internal operations] or developed a solution that can be used by other organizations [e.g., adoption by a service/solution provider]).
  • Implementation Success (e.g., strengths and benefits of the IR 8011 series; what worked well to support implementation; ROI from the adoption of IR 8011).
  • Implementation Challenges and Opportunities (e.g., issues/concerns – and what can be considered for addressing them – and areas that can be improved).
  • Level of Interest (if a NIST IR 8011 Interest Group is established, would you be interested in joining it to share ideas and information with other 8011 adopters or interested parties?)

Feedback received will not be published or shared. There is no due date to respond (feedback can be provided at any time); however, the sooner the feedback is received, the sooner it may be considered, and possibly reflected on revisions and new development. 

For questions about this call for feedback, please email: 8011comments [at] list.nist.gov (8011comments[at]list[dot]nist[dot]gov).

Released February 22, 2023