WELCOME TO THE CONTINUITY CENTRAL ARCHIVE SITE

Please note that this is a page from a previous version of Continuity Central and is no longer being updated.


NIST revision of SP 800-53 addresses current cybersecurity threats

A major revision of a Federal Information Security Management Act (FISMA) publication released by the National Institute of Standards and Technology (NIST) adds guidance for combating new information security threats and incorporates new privacy controls into the framework that federal agencies use to protect their information and information systems.

To handle insider threats, supply chain risk, mobile and cloud computing technologies, and other cybersecurity issues and challenges, NIST has released Security and Privacy Controls for Federal Information Systems and Organizations, Special Publication (SP) 800-53, Revision 4 (Initial Public Draft). The document is considered a principal catalog of security standards and guidelines used by federal government agencies that NIST is required to publish by law.

“The changes we propose in Revision 4 are directly linked to the current state of the threat space — the capabilities, intentions and targeting activities of adversaries — and analysis of attack data over time,” explained Ron Ross, FISMA Implementation Project Leader and NIST fellow.

The revision also adds a new privacy appendix to the publication that provides privacy controls and associated implementation guidance.

“Privacy and security are complementary, so we decided to combine them in SP 800-53,” said Ross.

In addition to the areas mentioned above, the update addresses application security, firmware integrity, distributed systems and advanced persistent threats.

NIST also modified its guidance on security assurance in Appendix E, which outlines how agencies can establish measures of confidence that the security controls put in place are providing the necessary security capability to protect critical missions and business operations.

As part of the update to SP 800-53, NIST addressed potential gaps in coverage, added new security controls and control enhancements, provided additional supplemental guidance for these controls, and clarified security control requirements and specification language. Keeping the potential threats in mind, the security control baselines were updated and minimum assurance requirements revised.

The public draft of Security and Privacy Controls for Federal Information Systems and Organizations, Special Publication (SP) 800-53, Revision 4 may be found at http://csrc.nist.gov/publications/PubsDrafts.html#SP-800-53-Rev.%204. Comments on SP 800-53, Revision 4 are requested by April 6, 2012. Email should be sent to sec-cert@nist.gov.

• Date: 1st March 2012 • US • Type: Article • Topic: ISM
