Special Publication 800-53, Security and Privacy Controls for Federal Information Systems and Organizations, one of the National Institute of Standards and Technology's (NIST) premier information security guides, is soon to be published in its 4th revision.
Though the guidance is aimed at federal government IT systems, it is frequently followed by local, state and tribal governments as well as private-sector enterprises.
Major changes in Revision 4 are planned to include:
- New security controls and control enhancements addressing the advanced persistent threat, supply chain, insider threat, application security, distributed systems, mobile and cloud computing and developmental and operational assurance;
- Clarification of security control language;
- New tailoring guidance, including the fundamental assumptions used to develop the security control baselines;
- Significant expansion of supplemental guidance for security controls and enhancements;
- Streamlined tailoring guidance to facilitate customization of baseline security controls;
- New privacy controls and implementation guidance based on the internationally recognized Fair Information Practice Principles;
- Updated security control baselines;
- New summary tables for security controls and naming convention for control enhancements to facilitate ease-of-use;
- New mapping tables for ISO/IEC 15408 (Common Criteria);
- The concept of overlays, allowing organizations and communities of interest to develop specialized security plans that reflect specific missions/business functions, environments of operation and information technologies;
- Designation of assurance-related controls for low-impact, moderate-impact and high-impact information systems and additional controls for responding to high assurance requirements.
Revisions to SP 800-53 are being developed by the Joint Task Force Transformation Initiative Inter-agency Working Group, with representatives from the federal intelligence community, the Departments of Defense and Commerce, the Office of the Director of National Intelligence and the Committee on National Security Systems, and publication is planned for April 2013.
If applicable, please pass this information along to those information security team members in your organization.