NIST issues major revision of core computer security guide: SP 800-53

May 01, 2013
SP 800-53 Rev. 4 identification and authentication controls are met when employees use their government-issued personal identity verification cards to use their computers. Credit: Kelly Talbott, NIST

The National Institute of Standards and Technology (NIST) has published the fourth revision of the government's foundational computer security guide, Security and Privacy Controls for Federal information Systems and Organizations. Better known to the federal computer security and contractor community as "SP (Special Publication) 800-53," this fourth revision is the most comprehensive update to the security controls catalog since the document's inception in 2005.

"This update was motivated by the expanding threats we all face," explained Project Leader and NIST Fellow Ron Ross, "These include the increasing sophistication of and the fact that we are being challenged more frequently and more persistently."

State-of-the-practice security controls and control enhancements have been integrated into the new revision to address the evolving technology and threat space. Examples include issues particular to mobile and cloud computing; insider threats; applications security; supply chain risks; advanced persistent threat; and trustworthiness, assurance, and resilience of information systems. The revision also features eight new families of that are based on the internationally accepted Fair Information Practice Principles.

SP 800-53, Revision 4 also takes a more holistic approach to information security and risk management. The publication calls for maintaining "cybersecurity hygiene"—the routine best practices that help reduce information —but also appeals for hardening those systems by applying state-of-the-practice architecture and engineering principles to minimize the impacts of cyber attacks and other threats.

"This 'Build It Right' strategy, coupled with security controls for continuous monitoring, provide organizations with near real-time information that leaders can use to make ongoing risk-based decisions to protect their critical missions and business functions," said Ross.

To provide organizations with greater flexibility and agility in building information security programs, the baseline set of security controls can be tailored for specific needs according to the organization's missions, environments of operation, and technologies used. Specific lists of controls and implementation guidance, or overlays, focus on a variety of missions, including space operations, military tactical operations and health care applications. Overlays also support specific technologies such as cloud computing and mobile devices.

"This specialization approach to control selection is important as the number of threat-driven controls and control enhancements increases and organizations develop specific risk management strategies," Ross said.

Explore further: Japan orders air bag maker to conduct probe

More information: The new revision of SP 800-53, Security and Privacy Controls for Federal information Systems and Organizations, was developed by NIST, the Department of Defense, the Intelligence Community and the Committee on National Security Systems as part of the Joint Task Force, which was formed in 2009. It can be obtained at dx.doi.org/10.6028/NIST.SP.800-53r4

add to favorites email to friend print save as pdf

Related Stories

NIST updates guidelines for mobile device security

Jul 11, 2012

The National Institute of Standards and Technology (NIST) has released a proposed update to its guidelines for securing mobile devices—such as smart phones and tablets—that are used by the federal government. NIST ...

Recommended for you

Japan orders air bag maker to conduct probe

Nov 21, 2014

Japan's transport ministry said Friday it has ordered air bag maker Takata to conduct an internal investigation after cases of its air bags exploding triggered safety concerns in the United States and other countries.

Senators get no clear answers on air bag safety

Nov 20, 2014

There were apologies and long-winded explanations, but after nearly four hours of testimony about exploding air bags, senators never got a clear answer to the question most people have: whether or not their ...

Winter-like temps can reduce tire pressure

Nov 19, 2014

The polar plunge that has chilled much of the nation does more than bring out ice scrapers and antifreeze. It can trigger vehicles' tire pressure monitoring systems overnight, sending nervous drivers to dealers ...

US: Gov't aircraft regulations apply to drones (Update)

Nov 18, 2014

The U.S. government has the power to hold drone operators accountable when they operate the remote-control aircraft recklessly, a federal safety board ruled Tuesday in a setback to small drone operators chafing ...

Mapping the crisis of displaced peoples

Nov 17, 2014

Population displacement is a global problem, one that historically has been insufficiently quantified and analyzed, especially given its wide-ranging effects. Displacement can result from a number of factors, ...

User comments : 0

Please sign in to add a comment. Registration is free, and takes less than a minute. Read more

Click here to reset your password.
Sign in to get notified via email when new comments are made.