a NIST blog
It has been seven years since the last major update to NIST’s flagship security and privacy guidance document Special Publication (SP) 800-53, Security and Privacy Controls for Information Systems and Organizations. Since 2013, the publication has been accessed or downloaded from the NIST web site millions of times. This month, NIST unveiled an historic update to its security and privacy controls catalog that will provide a solid foundation for protecting organizations and systems—including the personal privacy of individuals—well into the 21st century.
NIST SP 800-53, Revision 5 is not just a minor update but rather a complete renovation—addressing both structural issues and technical content. The update represents a multi-year effort to develop the first comprehensive catalog of security and privacy controls that can be used to manage risk for organizations of any sector and size, and all types of systems—from supercomputers to industrial control systems to Internet of Things (IoT) devices. The controls offer a proactive and systematic approach to ensuring that critical systems, components, and services are sufficiently trustworthy and have the necessary resilience to defend the economic and national security interests of the United States.
The most significant changes to SP 800-53, Revision 5 include:
Additional supplemental materials will also be available immediately or in the near future, including:
In addition to the world’s first consolidated security and privacy control catalog, NIST has a variety of frameworks available to help select and implement the controls. These include the Risk Management Framework, Cybersecurity Framework, and Privacy Framework. And to make all of the security and privacy frameworks and controls more efficient and cost-effective for our customers, NIST is launching a new automation initiative to provide the content of its consolidated control catalog in different formats and to deliver the content through https://csrc.nist.gov.
Exciting times ahead—we encourage you to take a look at the latest update to SP 800-53, use the content to build or improve your security, privacy, and supply chain risk management programs, and share your feedback to help us continuously improve the controls and supplemental materials.
Great post and summary of the significant changes between Rev4->Rev5. I will definitely use this reference information in my efforts to continue to educate and collaborate with my colleagues in my company and industry on Security and Privacy controls.
When will there be a NIST web page like https://nvd.nist.gov/800-53/Rev4 ? We use this all of the time and it is a very handy tool.
Thank you for helping to keep us safe.
Fantastic!!!!!
Very insightful