InfoBytes Blog
NIST Revamps Core Computer Security Guide
On April 30, the National Institute of Standards and Technology (NIST) published a substantially revised version of its Special Publication 800-53, “Security and Privacy Controls for Federal Information Systems and Organizations,” the government’s core computer security guide. Although developed for use by federal agencies, the NIST Special Publication is widely used in the private sector. The revisions are the most extensive since the document first was published in 2005 and is meant to address evolving and emerging cyber security threats. For example, the new guide incorporates issues specific to (i) mobile and cloud computing, (ii) insider threats, (iii) applications security, (iv) supply chain risks, (v) advanced persistent threats, and (vi) trustworthiness, assurance, and resilience of information systems. It is sector-specific to allow organizations greater flexibility in building information security systems, and also provides for the first time a privacy controls catalog.