WELCOME TO THE CONTINUITY CENTRAL ARCHIVE SITE

Please note that this is a page from a previous version of Continuity Central and is no longer being updated.


NIST issues major revision of core computer security guide

The US National Institute of Standards and Technology (NIST) has published the fourth revision of the government's foundational computer security guide, ‘Security and Privacy Controls for Federal Information Systems and Organizations’. Better known to the federal computer security and contractor community as SP (Special Publication) 800-53, this fourth revision is the most comprehensive update to the security controls catalog since the document's inception in 2005.

"This update was motivated by the expanding threats we all face," explained Project Leader and NIST Fellow Ron Ross. "These include the increasing sophistication of cyber attacks and the fact that we are being challenged more frequently and more persistently."

‘State-of-the-practice’ security controls and control enhancements have been integrated into the new revision to address the evolving technology and threat space. Examples include issues particular to mobile and cloud computing; insider threats; applications security; supply chain risks; advanced persistent threat; and trustworthiness, assurance, and resilience of information systems. The revision also features eight new families of privacy controls that are based on the internationally accepted Fair Information Practice Principles.

SP 800-53, Revision 4 also takes a more holistic approach to information security and risk management. The publication calls for maintaining ‘cybersecurity hygiene’—the routine best practices that help reduce information security risks—but also appeals for hardening those systems by applying state-of-the-practice architecture and engineering principles to minimize the impacts of cyber attacks and other threats.

The revision of SP 800-53, Security and Privacy Controls for Federal Information Systems and Organizations, was developed by NIST, the Department of Defense, the Intelligence Community and the Committee on National Security Systems as part of the Joint Task Force, which was formed in 2009. It can be obtained at http://dx.doi.org/10.6028/NIST.SP.800-53r4

• Date: 2nd May 2013 • US • Type: Article • Topic: ISM
