Remember the two years of waiting for NIST SP 800-53 Rev 4 to adopt Rev 5. For me, it's post-traumatic. Attempting everything I could to have the new data model ready we built an interim Four point Five, only to have NIST nearly scrap and begin again before releasing and adopting what we now use as Rev 5. Remember when AICPA released the SOC 2 2016 standard in 2017 and then quickly turned and released the SOC 2 2017? Did you suffer when CIS CSC 6.1 rolled to 7.1 and moved entire sections under new numbers? So how is that nineteenth nervous breakdown coming along? Did we mention that CMMC 2.0 completely scraped CMMC 1.0 and returned that cost of training to all those who certified to the first model?
It can feel thankless, but at some level, we still love to do it. We love managing and updating all the security standards b/c what they strive to accomplish actually matters.
So, Happy Two Thousand and Twenty Two. It's a new year and a big new ISO Standard.
We begin again.