NIST Issued Information Systems Risk Management Draft

The National Institute of Standards and Technology has issued SP-800-39, "Managing Risk from Information Systems: An Organizational Perspective."
Comments on this draft are accepted until December 14, 2007.