NIST 800-53 REFERENCE GUIDE
Downloadable Checklist for New NIST 800-53 Revision 5
NIST Special Publication 800-53, Revision 5, delivers a catalog of security and privacy controls designed to help protect federal information systems and organizations from an increasingly diverse landscape of cyberthreats. The publication provides guidance on customizing these controls to address the security requirements for protecting an organization’s specific missions, business operations, technologies, environments, and applications.
NIST SP 800-53 Rev. 5 includes security and privacy controls for all types of computing platforms, including general purpose computing systems, cyber-physical systems, cloud and mobile systems, industrial/process control systems, and Internet of Things (IoT) devices.
The release of Revision 5 concludes a multiyear effort to develop next-generation security and privacy controls, including changes intended to make the controls more consumable by diverse groups. The ultimate objectives: make the information systems we depend on more penetration-resistant, limit the damage from attacks when they occur, and ensure systems are resilient and recoverable.
The major changes from Revision 4 to Revision 5 include:
- Changing the structure of the security and privacy controls to be more outcome-based
- Creating a unified and consolidated set of controls by fully integrating the privacy controls into the security control catalog and providing summary and mapping tables
- Separating the control selection process from the actual controls, enabling the controls to be used by different communities of interest
- Promoting integration with different risk management and cybersecurity approaches and lexicons, including the Cybersecurity Framework
- Clarifying the relationship between security and privacy to improve the selection of controls required to address the full scope of security and privacy risks
- Incorporating new controls based on threat intelligence and empirical attack data, including controls to strengthen cybersecurity and privacy governance and accountability
TalaTek’s team of experts has deep expertise working with federal agencies and other public-sector clients and can assist with any aspect of the NIST SP 800-53 Revision 5 recommendations, including continuous monitoring and risk management services. For more details, visit our Services page.