NIST Publishes an Updated Version of its Security and Privacy Control Collection
The National Institute of Standards and Technology (NIST) has announced an update to Special Publication (SP) 800-53, titled "Security and Privacy Controls for Information Systems and Organizations". The revised SP 800-53, now at Release 5.2.0, focuses on enhancing the security and reliability of software updates and patches in response to Executive Order 14306.
The update provides information about the security and privacy controls in the revised SP 800-53. It addresses multiple aspects of the software development and deployment process, including provisions for software and system resiliency by design, developer testing, the deployment and management of updates, and software integrity and validation.
No changes were made to SP 800-53B, "Control Baselines for Information Systems and Organizations", but a new release has been issued for consistency. The updated SP 800-53 offers details about control baselines and assessment procedures.
The updates to the control catalogue are being provided through the Cybersecurity and Privacy Reference Tool (CPRT). The CPRT allows downloads of machine-readable formats, including OSCAL and JSON. SP 800-53 Release 5.2.0 is downloadable in these formats, as well as in a spreadsheet format.
The NIST Risk Management Framework provides resources supporting the revised SP 800-53. For inquiries regarding the NIST Risk Management Framework, contact the NIST Risk Management Framework Team.
The update revises the discussion sections of some existing controls to provide additional scoping and implementation examples. It also includes corresponding updates to SP 800-53A, "Assessing Security and Privacy Controls in Information Systems and Organizations".
In addition, NIST has adopted a new public engagement tool that allows stakeholders to respond to proposed changes in real time during comment periods, make suggestions at any time, and preview planned updates before the final version is issued.
The updated SP 800-53 Release 5.2.0 can be viewed in a browser, making it easily accessible to users. For more information and to download the update, visit the Cybersecurity and Privacy Reference Tool (CPRT).