NIST 800-53 Reference Guide
Downloadable Control Checklist for NIST 800-53 Revision 4
The NIST “Final Draft of Special Publication (SP) 800-53, Revision 4, Security and Privacy Controls for Federal Information Systems and Organizations” is the update for the content of the security controls catalog and the guidance for selecting and specifying security controls for federal information systems and organizations.
The changes are directly linked to the current state of the threat space (i.e., capabilities, intentions and targeting activities of adversaries) and attack data collected and analyzed over a substantial time period.
The major changes in Revision 4 include:
- New security controls and control enhancements
- Clarification of security control requirements and specification language
- New tailoring guidance including the introduction of overlays
- Additional supplemental guidance for security controls and enhancements
- New privacy controls and implementation guidance
- Updated security control baselines
- New summary tables for security controls to facilitate ease-of-use
- Revised minimum assurance requirements and designated assurance controls.
The breadth and depth of the security and privacy controls in the control catalog must be sufficiently robust to protect the wide range of information and information systems supporting the critical missions and business functions of the federal government – from the Department of Homeland Security, to the DoD warfighters, to the Federal Aviation Administration, to the Social Security Administration.
NIST’s objectives, addressed in this version, are to provide near real-time risk management and the ability to design, develop and implement effective continuous monitoring programs, which depends, first and foremost, on the organization’s ability to develop a strong information technology infrastructure.
This means building stronger, more resilient information systems using system components with sufficient security capability to protect core missions and business functions. The security and privacy controls in this publication, along with the flexibility inherent in the implementation guidance, provide the requisite tools to implement effective, risk-based, cyber security programs, address the most sophisticated threats on the horizon.
TalaTek’s team of experts have deep expertise working with federal agencies and other public-sector clients and can assist with any aspect of the NIST recommendations in this update including continuous monitoring and risk management services. For more details, visit our Services page.