Publication Number: NIST Special Publication (SP) 800-53 ...
The attached DRAFT document (provided here for historical purposes) has been superseded by the following publication:
Publication Number: NIST Special Publication (SP) 800-53 Revision 4
Title: Security and Privacy Controls for Federal Information Systems and Organizations
Publication Date: 04/30/2013
- Final Publication: (which links to ).
- Information on other NIST Computer Security Division publications and programs can be found at:
The following information was posted with the attached DRAFT document:
Feb. 28, 2012
SP 800-53 Rev. 4
DRAFT Security and Privacy Controls for Federal Information Systems and
Organizations (Initial Public Draft)
NIST announces the Initial Public Draft of Special Publication (SP) 800-53, Revision 4, Security and
Privacy Controls for Federal Information Systems and Organizations. Special Publication 800-53,
Revision 4, represents the culmination of a year-long initiative to update the content of the security
controls catalog and the guidance for selecting and specifying security controls for federal
information systems and organizations. The project was conducted as part of the Joint Task Force
Transformation Initiative in cooperation and collaboration with the Department of Defense, the
Intelligence Community, the Committee on National Security Systems, and the Department of
Homeland Security. The proposed changes included in Revision 4 are directly linked to the current
state of the threat space (i.e., capabilities, intentions, and targeting activities of adversaries) and the
attack data collected and analyzed over a substantial time period. In particular, the major changes in
Revision 4 include:
- New security controls and control enhancements;
- Clarification of security control requirements and specification language;
- New tailoring guidance including the introduction of overlays;
- Additional supplemental guidance for security controls and enhancements;
- New privacy controls and implementation guidance;
- Updated security control baselines;
- New summary tables for security controls to facilitate ease-of-use; and
- Revised minimum assurance requirements and designated assurance controls.
Many of the changes were driven by particular cyber security issues and challenges requiring
greater attention including, for example, insider threat, mobile and cloud computing, application
security, firmware integrity, supply chain risk, and the advanced persistent threat (APT). In most
instances, with the exception of the new privacy appendix, the new controls and enhancements are
not labeled specifically as "cloud" or "mobile computing" controls or placed in one section of the
catalog. Rather, the controls and enhancements are distributed throughout the control catalog in
various families and provide specific security capabilities that are needed to support those new
computing technologies and computing approaches. The breadth and depth of the security and
privacy controls in the control catalog must be sufficiently robust to protect the wide range of
information and information systems supporting the critical missions and business functions of the
federal government, from the Department of Homeland Security, to the DoD warfighters, to the
Federal Aviation Administration, to the Social Security Administration. As the federal government
continues to implement its unified information security framework using the core publications
developed under the Joint Task Force, there is also a significant transformation underway in how
federal agencies authorize their information systems. Near real-time risk management and the
ability to design, develop, and implement effective continuous monitoring programs depend first
and foremost on the organization's ability to develop a strong information technology
infrastructure; in essence, building stronger, more resilient information systems using system
components with sufficient security capability to protect core missions and business functions. The
security and privacy controls in this publication, along with the flexibility inherent in the
implementation guidance, provide the requisite tools to implement effective, risk-based, cyber
security programs capable of addressing the most sophisticated of threats on the horizon.
Public comment period: February 28th through April 6th, 2012. This will be the only comment
period. Publication of the final document is anticipated in July 2012. Comments can be sent to:
sec-cert @ .
To support the public review process, NIST will publish a markup version of Appendices D, F and G.
This will help organizations plan for any future update actions they may wish to undertake after
Revision 4 is finalized. There will not be any markups provided for the main chapters or the other
appendices.
NIST Special Publication 800-53
Revision 4
Security and Privacy Controls
for Federal Information Systems
and Organizations
JOINT TASK FORCE
TRANSFORMATION INITIATIVE
INFORMATION SECURITY
INITIAL PUBLIC DRAFT
Computer Security Division
Information Technology Laboratory
National Institute of Standards and Technology
Gaithersburg, MD 20899-8930
February 2012
U.S. Department of Commerce
John E. Bryson, Secretary
National Institute of Standards and Technology
Patrick D. Gallagher, Under Secretary for Standards and Technology
and Director
Special Publication 800-53
Security and Privacy Controls for Federal Information Systems and Organizations
Reports on Computer Systems Technology
The Information Technology Laboratory (ITL) at the National Institute of Standards and
Technology (NIST) promotes the U.S. economy and public welfare by providing technical
leadership for the nation's measurement and standards infrastructure. ITL develops tests, test
methods, reference data, proof of concept implementations, and technical analyses to advance the
development and productive use of information technology. ITL's responsibilities include the
development of management, administrative, technical, and physical standards and guidelines for
the cost-effective security and privacy of other than national security-related information in
federal information systems. The Special Publication 800-series reports on ITL's research,
guidelines, and outreach efforts in information system security, and its collaborative activities
with industry, government, and academic organizations.