The National Institute for Standards and Technology (NIST) develops standards and guidelines for many areas, including information technology. This month the agency released an update to their set of guidelines for organizations to use in creating security assessment plans (NIST Special Publication 800-53A, Revision 1). These guidelines are said to simplify many of the procedures and are part of a larger initiative aimed at focusing on enterprise-wide near-real-time risk management. You can read more about this here:
http://www.informationweek.com/news/government/security/showArticle.jhtml?articleID=225702691