The National Institute of Standards and Technology published the fourth revision of Security and Privacy Controls for Federal Information Systems and Organizations, better known as Special Publication 800-53.
The document is known as the government community’s security bible, and this revision is the most comprehensive update to the security controls catalog since the document was created in 2005, NIST said.
“This update was motivated by the expanding threats we all face,” said Ron Ross, project leader and NIST fellow, in a released statement. “These include the increasing sophistication of cyber attacks and the fact that we are being challenged more frequently and more persistently.”
According to NIST, under the current revision, the document takes a more holistic approach to information security and risk management, calling for maintaining “cybersecurity hygiene,” the routine of best practices that help reduce information security risks.
The document also calls for the hardening of information systems by applying state-of-the-practice architecture and engineering principles to minimize the impacts of cyber attacks.
“This ‘Build It Right’ strategy, coupled with security controls for continuous monitoring, provides organizations with near real-time information that leaders can use to make ongoing risk-based decisions to protect their critical missions and business functions,” Ross said.