As an infosec professional, you’ve likely heard of the National Institute of Standards and Technology (NIST). If you are unfamiliar with NIST, it is an organization that produces many publications, including the well-respected Special Publication SP 800-53r5 standard, titled “Security and Privacy Controls for Information Systems and Organizations.” Although intimidating at first glance, this important publication provides a catalog of privacy and security guidance for most of the information systems within the federal government. Even though its primary audience is governmental bodies, the NIST advice is used extensively in non-government environments, as it should be. It contains seriously solid advice!
First introduced back in 2005, SP 800-53 has gone through five revisions since its initial release. The fourth revision, released in 2013, featured updated security controls and focused on topics such as insider threats, software security, mobile devices, supply chain security, and privacy. Revision four also gave us the now familiar “eighteen control families,” which have been adopted by numerous federal agencies as well as the private sector.
In late September 2020, NIST published the official release of NIST SP 800-53 Rev. 5. The purpose of this new release was to provide
a proactive and systemic approach to develop and make available to a broad base of public and private sector organizations a comprehensive set of safeguarding measures for all types of computing platforms, including general purpose computing systems, cyber-physical systems, cloud-based systems, mobile devices, Internet of Things (IoT) devices, weapons systems, space systems, communications systems, environmental control systems, super computers, and industrial control systems. Those safeguarding measures include implementing security and privacy controls to protect the critical and essential operations and assets of organizations and the privacy of individuals. The objectives are to make the information
*** This is a Security Bloggers Network syndicated blog from The State of Security authored by Steven Tipton. Read the original post at: https://www.tripwire.com/state-of-security/security-data-protection/security-controls/notable-enhancements-new-version-nist-sp-800-53/