First Major Update to SP 800-53 Is Available for Public Comment

The National Institute of Standards and Technology (NIST) has issued for public comment its first major update of Special Publication 800-53, the catalog of security controls and technical guidelines that information technology professionals use to select appropriate safeguards and countermeasures for protecting federal information and information systems.

SP 800-53, Revision 3, Recommended Security Controls for Federal Information Systems and Organizations, is one of the principal security publications in the suite of security standards and guidelines published by NIST in response to the Federal Information Security Management Act (FISMA) of 2002.

Ron Ross, FISMA Implementation Project leader, says, “We have received excellent feedback from our customers during the past three years and have taken this opportunity to provide significant improvements to the security control catalog. We also continue to work closely with the Department of Defense and the Office of the Director of National Intelligence under the auspices of the Committee on National Security Systems on the harmonization of security control specifications across the federal government.”

SP 800-53 Revision 3 incorporates lessons learned since the original publication to update many of the current security controls, adds new security controls and control enhancements to cover advanced cyber threats, and provides a new family of controls to address organization-wide security programs. The revision introduces the concept of an information security program plan, a vehicle to capture organization-wide security program management requirements—such as capital planning and budgeting, enterprise architectures, and risk management. The revision also eliminates redundant or obsolete controls. In addition, the growing sophistication of cyber attacks necessitated specific changes to the allocation of security controls and control enhancements to the minimum baseline controls recommended by NIST.

In addition to the above modifications, Revision 3 incorporates an overview of a revised, simplified six-step risk management framework, provides additional guidance on managing common controls within organizations and adds security controls for supply chain threats. It also introduces a strategy for harmonizing the FISMA security standards and guidelines with international security standards including an updated mapping table for security controls for organizations wanting to comply with both FISMA and the International Standards Organization 27001 security standard.

Comments on SP 800-53 Revision 3 are requested. The public comment period runs through March 27, 2009 and email should be sent to sec-cert@nist.gov. The publication may be found at http://csrc.nist.gov/publications/drafts/800-53/800-53-rev3-IPD.pdf.

Media Contact

Evelyn Brown Newswise Science News

More Information:

http://www.nist.gov

All latest news from the category: Information Technology

Here you can find a summary of innovations in the fields of information and data processing and up-to-date developments on IT equipment and hardware.

This area covers topics such as IT services, IT architectures, IT management and telecommunications.

Back to home

Comments (0)

Write a comment

Newest articles

Lighting up the future

New multidisciplinary research from the University of St Andrews could lead to more efficient televisions, computer screens and lighting. Researchers at the Organic Semiconductor Centre in the School of Physics and…

Researchers crack sugarcane’s complex genetic code

Sweet success: Scientists created a highly accurate reference genome for one of the most important modern crops and found a rare example of how genes confer disease resistance in plants….

Evolution of the most powerful ocean current on Earth

The Antarctic Circumpolar Current plays an important part in global overturning circulation, the exchange of heat and CO2 between the ocean and atmosphere, and the stability of Antarctica’s ice sheets….

Partners & Sponsors