
December 21, 2006

For Immediate Release: December 21, 2006


Contact: Jan Kosko

The National Institute of Standards and Technology (NIST) has issued a revised version of Recommended Security Controls for Federal Information Systems (NIST Special Publication 800-53). First issued in February 2005, SP 800-53 is one of the key standards and guidelines developed by NIST to help federal agencies improve their information technology security and comply with the Federal Information Security Management Act (FISMA).

The publication recommends management, operational and technical controls needed to protect the confidentiality, integrity and availability of federal information systems. The controls are organized into 17 families, including risk assessment, contingency planning, access control and incident response. The changes focus on clarifying the security controls, eliminating redundancies and expanding supplemental guidance. Specific changes include: expanded information on the media protection family to address powerful, highly mobile processing and storage devices; new concepts to promote more cost-effective assessments, extend the life of security accreditations over time and reduce the paperwork associated with reaccreditations; and a more thorough discussion of the implications and risks of using external information system services and service providers.

The changes reflect the first of what will be a biennial review and update cycle for SP 800-53. The document is available at http://csrc.nist.gov/publications/nistpubs/index.html.