NIST Issues "Historic" Security Controls Guidance
Special Report Unifies National Security, Civilian FrameworkSpecial Publication 800-53 Revision 3 - Recommended Security Controls for Federal Information Systems and Organizations - includes security controls in its catalogue for national security and non-national security systems, a first in its continuing initiative to develop a unified IT security framework for government agencies and contractors. NIST said the updated security control catalogue incorporates best practices in information security from the Department of Defense, intelligence community and civilian agencies to produce the most broad-based and comprehensive set of safeguards and countermeasures ever developed for information systems.
Revision 3, according to NIST, contains significant changes from earlier versions, including:
"The standardized set of management, operational and technical controls provide a common specification language for information security for federal information systems processing, storing and transmitting both national security and non national security information," a NIST statement that accompanied release of the revised publication states. "The revised security control catalog also includes state-of-the-practice safeguards and countermeasures needed by organizations to address advanced cyber threats capable of exploiting vulnerabilities in federal information systems."