The National Institute of Standards and Technology has announced the release for public comment of a draft update for its primary guide to assessing the security and privacy controls that safeguard federal information systems and networks.
NIST publishes a pair of documents that provide basic guidance and recommendations for ensuring data security and privacy protection in federal information systems and organizations.
The first publication, Security and Privacy Controls for Federal Information Systems and Organizations (Special Publication 800-53), is an encyclopedic catalog, organized by function, of available methods or controls that can be established to safeguard an information system no matter how small or large.
NIST has released an update to a companion guide to 800-53, Assessing Security and Privacy Controls in Federal Information Systems and Organizations: Building Effective Assessment Plans (SP 800-53A), which covers a methodology for determining how well organizations have planned for appropriate controls to safeguard an information system.
Public comments are due by Sept. 26, 2014. Link: http://www.nist.gov/itl/csd/800-53a-080114.cfm