NIST Issues "Historic" Security Controls Guidance

Special Report Unifies National Security, Civilian Framework
The National Institute of Standards and Technology on Friday issued an update to one of its major IT security guidance publications, characterizing it as "historic in nature."

Special Publication 800-53 Revision 3 - Recommended Security Controls for Federal Information Systems and Organizations - includes security controls in its catalogue for national security and non-national security systems, a first in its continuing initiative to develop a unified IT security framework for government agencies and contractors. NIST said the updated security control catalogue incorporates best practices in information security from the Department of Defense, intelligence community and civilian agencies to produce the most broad-based and comprehensive set of safeguards and countermeasures ever developed for information systems.

Revision 3, according to NIST, contains significant changes from earlier versions, including:

A simplified, six-step risk management framework;
Additional security controls and control enhancements for advanced cyber threats;
Recommendations for prioritizing or sequencing security controls during implementation or deployment;
Revised security control structure with a new references section;
Elimination of security requirements from supplemental guidance sections;
Guidance on using the risk management framework for legacy information systems and for external providers of information system services;
Updates to security control baselines consistent with current threat information and known cyber attacks;
Organization-level security controls for managing information security programs;
Guidance on the management of common controls within organizations; and
Strategy for harmonizing Federal Information Security Management Act security standards and guidelines with international security standard ISO/IEC 27001.

"The standardized set of management, operational and technical controls provides a common specification language for information security for federal information systems processing, storing and transmitting both national security and non-national security information," a NIST statement that accompanied release of the revised publication states. "The revised security control catalog also includes state-of-the-practice safeguards and countermeasures needed by organizations to address advanced cyber threats capable of exploiting vulnerabilities in federal information systems."
