
NIST SP 800-53 Rev. 5: Major Changes and Updates For Public and Private Sector
- On August 17, 2018
- By Abbie Elliott
As new threats and mitigation tactics surface in the constantly evolving world of information security, frameworks must also change. The National Institute of Standards and Technology (NIST) has created one of the most robust security frameworks and has evolved it to meet the ever-changing needs of federal organizations. The NIST Special Publication (SP) 800-53 series (Rev. 1-5) provides a catalog of security and privacy controls for information systems and organizations, as well as a process for selecting these controls to protect operations, assets, and individuals.
In NIST’s most recent update (SP 800-53 Rev. 5), the controls and processes have been altered to be more applicable to both the private and public sector. This shift is reflected in the title, which removes the word “federal”, changing from “Recommended Security Controls for Federal Information Systems and Organizations” (Rev. 1-4) to “Security and Privacy Controls for Information Systems and Organizations” (Rev. 5). The current revision also maps controls back to the standards used by the private sector, encouraging implementation outside of the public sector.
NIST has focused on using simpler language for better comprehension while adding expanded explanations of terms, concepts, and applications. For example:
Rev. 4 (Control AC-3):
The information system enforces approved authorizations for logical access to information and system resources in accordance with applicable access control policies.
Rev. 5 (Control AC-3):
Enforce approved authorizations for logical access to information and system resources in accordance with applicable access control policies.
The security and privacy controls have been combined into two new control families: Individual Participation (IP) and Privacy Authorization (PA). Cloudburst Security encourages the use of these security and privacy controls in both the private and public sector. We also recommend that you stay informed and implement the changes integrated with each revision. For more information on SP 800-53 Rev. 5 and how to apply it to your organization, contact Cloudburst Security at info@cloudburstsecurity.com.