NIST drafts updated guidance for agencies assessing security, privacy

The guidance gives federal agencies improved assessment procedures for securing systems and networks.

The National Institute of Standards and Technology (NIST) is updating guidance that helps federal agencies assess the security and privacy controls of their information systems and networks.

The guide will serve as a “companion work” to the “Security and Privacy Controls for Federal Information Systems and Organizations” (SP 800-53), allowing organizations to evaluate their implementation of recommended security controls as dictated by the Federal Information Security Management Act (FISMA), NIST announced on Friday.

According to the release, the updated guide, called “Assessing Security and Privacy Controls in Federal Information Systems and Organizations: Building Effective Assessment Plans” (SP 800-53A), provides new assessment procedures for testing SP 800-53 controls, as well as a new appendix for evaluating privacy controls, which is still being developed and will be released at a later date.

“The privacy assessment procedures that will eventually populate Appendix J in this publication are currently under development by a joint inter-agency working group established by the Best Practices Subcommittee of the CIO Council Privacy Committee,” NIST announced in late July on its site. “The new assessment procedures, when completed, will be separately vetted through the traditional public review process employed by NIST and integrated into this publication at the appropriate time.”  

Changes to the guide will support continuous monitoring and ongoing authorization programs, and the use of automated tools for assessment and monitoring activities, NIST revealed. The guidance will also give agencies and contractors necessary tools for root-cause failure analysis.

The draft publication will be open to public comment until Sept. 26, the cut-off day NIST set for feedback. A PDF of the guidance can be viewed in its entirety here.
