Revision of SP 800-53 addresses current cybersecurity threats, adds privacy controls

Feb 29, 2012

A major revision of a Federal Information Security Management Act (FISMA) publication released today by the National Institute of Standards and Technology (NIST) adds guidance for combating new information security threats and incorporates new privacy controls to the framework that federal agencies use to protect their information and information systems.

To handle insider threats, risk, mobile and cloud computing technologies, and other cybersecurity issues and challenges, NIST has released and for and Organizations, Special Publication (SP) 800-53, Revision 4 (Initial Public Draft). The document is considered a principal catalog of and guidelines used by federal government agencies that NIST is required to publish by law.

“The changes we propose in Revision 4 are directly linked to the current state of the threat space—the capabilities, intentions and targeting activities of adversaries—and analysis of attack data over time,” explained Ron Ross, FISMA Implementation Project Leader and NIST fellow.

The revision also adds a new privacy appendix to the publication that provides privacy controls and associated implementation . “Privacy and security are complementary, so we decided to combine them in SP 800-53," said Ross.

Other areas addressed in the update in addition to those mentioned above include application security, firmware integrity, distributed systems and advanced persistent threat. “Many organizations are concerned about advanced persistent threats, so we added new controls that will allow organizations to use different strategies to combat those types of threats,” Ross added.

NIST also modified its guidance on security assurance Appendix E, which outlines how agencies can establish measures of confidence that the security controls put in place are providing the necessary security capability to protect critical missions and business operations. Ross explains, “Having security functionality in your information systems without the appropriate assurance is like skydiving without a backup parachute—you don’t need it until you need it. And without it, the outcome is very predictable.”

As part of the update to SP 800-53, NIST addressed potential gaps in coverage, added new security controls and control enhancements, provided additional supplemental guidance for these controls, and clarified security control requirements and specification language. Keeping the potential threats in mind, the security control baselines were updated and minimum assurance requirements revised.

This document, when finalized, will be used by the entire federal government. The project was conducted as part of the Joint Task Force Transformation Initiative, which is composed of security experts from NIST, the Department of Defense, the Intelligence Community, the Committee on National Security Systems, and the Department of Homeland Security.

The public draft of Security and Privacy Controls for Federal and Organizations, Special Publication (SP) 800-53, Revision 4 may be found at http://csrc.nist.gov/publications/PubsDrafts.html#SP-800-53-Rev.%204

Explore further: Japan orders air bag maker to conduct probe

add to favorites email to friend print save as pdf

Related Stories

Protecting computers at start-up: New NIST guidelines

Dec 21, 2011

A new draft computer security publication from the National Institute of Standards and Technology (NIST) provides guidance for vendors and security professionals as they work to protect personal computers as they start up.

Recommended for you

Namibia prepares for Africa's first e-vote

1 hour ago

Namibia will vote in Africa's first electronic ballot Friday, a general election that will usher in a new president and quotas to put more women in government.

US agency threatens to act against air bag maker

5 hours ago

A dispute between U.S. safety regulators and air bag maker Takata Corp. escalated Wednesday when the government threatened fines and legal action unless the company admits that driver's air bag inflators ...

Japan orders air bag maker to conduct probe

Nov 21, 2014

Japan's transport ministry said Friday it has ordered air bag maker Takata to conduct an internal investigation after cases of its air bags exploding triggered safety concerns in the United States and other countries.

Senators get no clear answers on air bag safety

Nov 20, 2014

There were apologies and long-winded explanations, but after nearly four hours of testimony about exploding air bags, senators never got a clear answer to the question most people have: whether or not their ...

Winter-like temps can reduce tire pressure

Nov 19, 2014

The polar plunge that has chilled much of the nation does more than bring out ice scrapers and antifreeze. It can trigger vehicles' tire pressure monitoring systems overnight, sending nervous drivers to dealers ...

User comments : 0

Please sign in to add a comment. Registration is free, and takes less than a minute. Read more

Click here to reset your password.
Sign in to get notified via email when new comments are made.