NIST has issued draft updates to Special Publication (SP) 800-53 to provide additional guidance on how to securely and reliably deploy patches and updates, in response to Executive Order 14306, Sustaining Select Efforts to Strengthen the Nation’s Cybersecurity and Amending Executive Order 13694 and Executive Order 14144. A two-week expedited public comment period on the draft updates is open through August 5, 2025.
NIST proposes an update to an existing control enhancement, two new control enhancements, six updates to existing control/control enhancement discussions, and updates to related controls for the new control enhancements. The updates address software resiliency, developer testing, secure logging, least privilege for functions and tools, deployment management of updates, software integrity and validation, delineation of roles and responsibilities between organizations and developers, and root cause analysis and improvement.
The NIST SP 800-53 Public Comment Site provides an online tool for quickly reviewing the proposed updates, providing real-time comments, and viewing the unattributed comments of other users. Suggestions for new controls and edits to existing controls can also be submitted at any time. This tool allows NIST to maintain its open and transparent comment process while promoting a more agile and efficient delivery approach. Only changed or new controls are being issued as drafts for public comment, enabling more efficient comment participation and adjudication. NIST plans to issue the finalized updates to NIST SP 800-53 as a dataset through the Cybersecurity and Privacy Reference Tool.
Following the completion of the comment period, NIST will review and adjudicate comments. NIST SP 800-53 Release 5.2.0 will be issued on or before September 2, 2025, as an online dataset on the Cybersecurity and Privacy Reference Tool.
Questions on the NIST SP 800-53 Public Comment Site and draft SP 800-53 controls can be directed to 800-53comments [at] list.nist.gov.