NIST seeks comments on security control catalog for federal information systems and organizations
The publication being updated is Recommended Security Controls for Federal Information Systems and Organizations (NIST Special Publication 800-53). SP 800-53 is one of the key Federal Information Security Management Act (FISMA) publications that federal agencies and their contractors have relied on for the past five years to help achieve more secure information systems.
SP 800-53 is also one of the five foundational publications included in the Joint Task Force Transformation Initiative—a federal cyber security partnership made up of the Department of Defense, the Intelligence Community and NIST—to develop a unified information security and risk management framework for the federal government. For the first time since the document's original publication in 2005 and its major updates in 2006 and 2009, NIST is seeking public input prior to developing its updated cyber security guidance.
"To keep pace with the growing threat brought about by an increasing number of cyber attacks against federal information systems, NIST is committed to producing a comprehensive catalog of cutting-edge safeguards and countermeasures that are necessary to help protect the core missions and business functions of the federal government," says Joint Task Force Leader and NIST Fellow Ron Ross.
The 2011 initiative will include an update of current security controls, control enhancements and supplemental guidance as well as new tailoring and supplementation guidance that form key elements of the control selection process. Key focus areas of the update, for which input is requested, include, but are not limited to:
- insider threats;
- software application security (including web applications);
- social networking, mobile devices, and cloud computing;
- cross domain solutions;
- advanced persistent threats;
- supply chain security;
- industrial/process control systems; and
Provided by National Institute of Standards and Technology (NIST)