NIST 800-53 REFERENCE GUIDE

Downloadable Checklist for New NIST 800-53 Revision 5 (draft)

NIST Special Publication 800-53 delivers a catalog of security and privacy controls for federal information systems and organizations designed to help protect them from an increasingly diverse landscape of cyberthreats. The publication provides guidance on customizing these controls to address the security requirements for protecting an organization’s specific missions, business operations, technologies, environments and applications.

NIST Special Publication 800-53 Rev 5 (draft) includes a comprehensive set of security and privacy controls for all types of computing platforms, including general purpose computing systems, cyber-physical systems, cloud and mobile systems, industrial/process control systems, and Internet of Things (IoT) devices.

Release of Revision 5 (draft) concludes a one-year effort to develop next generation security and privacy controls, including changes intended to make the controls more consumable by diverse groups. The ultimate objective: make the information systems we depend on more penetration resistant, limit the damage from attacks when they occur, and ensure systems are resilient and recoverable.

The major changes to the publication include:

  • Changing the structure of the security and privacy controls to be more outcome-based
  • Creating a unified and consolidated set of controls by fully integrating the privacy controls into the security control catalog and providing summary and mapping tables
  • Separating the control selection process from the actual controls, enabling the controls to be used by different communities of interest
  • Promoting integration with different risk management and cybersecurity approaches and lexicons, including the Cybersecurity Framework
  • Clarifying the relationship between security and privacy to improve the selection of controls required to address the full scope of security and privacy risks
  • Incorporating new controls based on threat intelligence and empirical attack data, including controls to strengthen cybersecurity and privacy governance and accountability

TalaTek’s team of experts has deep expertise working with federal agencies and other public-sector clients and can assist with any aspect of the NIST recommendations in this update, including continuous monitoring and risk management services. For more details, visit our Services page.
