The Department of Homeland Security recently released FY2011 CIO FISMA Reporting version 1.0, which has some interesting updates from prior requests.

Their new guidance that really caught my attention, however, is a working draft released by NIST that shows the DHS top 20 security controls for FISMA are “negatively impacted” by virtualization. No details or clarification of those terms has yet been posted, just this list.