NIST drafts updated guidance for agencies assessing security, privacy

The guidance gives federal agencies improved assessment procedures for securing systems and networks.

The National Institute of Standards and Technology (NIST) is updating guidance that helps federal agencies assess the security and privacy controls of their information systems and networks.

The guide will serve as a “companion work” to the “Security and Privacy Controls for Federal Information Systems and Organizations” (SP 800-53), allowing organizations to evaluate their implementation of recommended security controls as dictated by the Federal Information Security Management Act (FISMA), NIST announced on Friday.

According to the release, the updated guide, called “Assessing Security and Privacy Controls in Federal Information Systems and Organizations: Building Effective Assessment Plans” (SP 800-53A), provides new assessment procedures for testing SP 800-53 controls. It will also include a new appendix for evaluating privacy controls, which is still under development and will be released at a later date.

“The privacy assessment procedures that will eventually populate Appendix J in this publication are currently under development by a joint inter-agency working group established by the Best Practices Subcommittee of the CIO Council Privacy Committee,” NIST announced in late July on its site. “The new assessment procedures, when completed, will be separately vetted through the traditional public review process employed by NIST and integrated into this publication at the appropriate time.”  

Changes to the guide will support continuous monitoring and ongoing authorization programs, and the use of automated tools for assessment and monitoring activities, NIST revealed. The guidance will also give agencies and contractors necessary tools for root-cause failure analysis.

The draft publication will be open to public comment until Sept. 26, the cut-off day NIST set for feedback. A PDF of the guidance can be viewed in its entirety here.
