Written by David Stegon
The National Institute of Standards and Technology released a major revision to “Security and Privacy Controls for Federal Information Systems and Organizations, Special Publication (SP) 800-53, Revision 4 (Initial Public Draft)” that focuses on emerging cyber security threats.
The document, which NIST is required by law to publish, is considered a principal catalog of security standards and guidelines used by federal government agencies.
“The changes we propose in Revision 4 are directly linked to the current state of the threat space – the capabilities, intentions and targeting activities of adversaries – and analysis of attack data over time,” said Ron Ross, FISMA implementation project leader and NIST fellow.
As part of the update to SP 800-53, NIST addressed potential gaps in coverage, added new security controls and control enhancements, provided additional supplemental guidance for these controls, and clarified security control requirements and specification language. With the potential threats in mind, NIST also updated the security control baselines and revised the minimum assurance requirements, the agency said.
The revision also adds a new privacy appendix to the publication that provides privacy controls and associated implementation guidance, along with information on application security, firmware integrity, distributed systems and advanced persistent threat.
“Many organizations are concerned about advanced persistent threats, so we added new controls that will allow organizations to use different strategies to combat those types of threats,” Ross said.