NIST to Update Premier GuidanceRevision to SP 800-53 Expected by Mid-December
The National Institute of Standards and Technology says the 2011 initiative will update security controls, control enhancements and supplemental guidance as well as revisions to supplemental guidance that forms key elements of the control selection process.
NIST says the revised guidance will focus on, but not be limited to, insider threats; software application security, including web apps; social networking, mobiles devices and cloud computing; cross domain solutions; advanced persistent threats; supply chain security; industrial/process control systems; and privacy.
The SP 800-53 revision is being headed by Ron Ross, project leader of NIST's Federal Information Security Management Act implementation project and the Joint Task Force Transformation Initiative, who characterizes the publication as a large, robust catalog of security controls that helps organizations get the best bang for their IT security bucks. "That really is to me what the risk management framework does best, and help decision makers come to good credible risk-based decisions on how they should protect their organizations," he said in a December interview with GovInfoSecurity.com (see Managing Risk: Why It's a Hot Topic).
SP 800-53 is one of five foundational publications being developed by the Joint Task Force - a partnership that includes NIST, Department of Defense, the intelligence community and federal civilian agencies (see Involving Non-Tech Agency Brass in Infosec) - to create a unified information security framework for the federal government and its contractors. The Joint Task Force initially released SP 800-53, Revision 3, in August 2009. That provided the first combined catalog of management, operational and technical security controls for national security systems and non-national security systems.
NIST says that in an effort to keep pace with a growing threat space characterized by an ever increasing number of cyber attacks against federal information systems, NIST will produce a comprehensive catalog of cutting edge safeguards and countermeasures that should help protect the core missions and business functions of the federal government and the United States critical infrastructure. NIST says the guidance will be updated biannually.
Those interested in submitting suggestions should contact Ross at email@example.com.