[OWASP_NNI_Initiative] Fwd: [CC_SECURITY] FYI: NIST Releases the Initial Public Draft of SP 800-53, Revision 5, Security and Privacy Controls for Information Systems and Organizations.

Bev Corwin bevcorwin at gmail.com
Tue Aug 15 16:45:40 UTC 2017


---------- Forwarded message ----------
From: Iorga, Michaela (Fed) <michaela.iorga at nist.gov>
Date: Tue, Aug 15, 2017 at 12:14 PM
Subject: [CC_SECURITY] FYI: NIST Releases the Initial Public Draft of SP 800-53, Revision 5, Security and Privacy Controls for Information Systems and Organizations.

*August 15, 2017*

NIST Releases the Initial Public Draft of *Special Publication 800-53, Revision 5* <http://csrc.nist.gov/publications/PubsDrafts.html#SP-800-53-Rev-5>, *Security and Privacy Controls for Information Systems and Organizations*.

*Deadline to Submit Comments:* September 12, 2017

As we push computers to “the edge” building an increasingly complex world
of interconnected information systems and devices, security and privacy
continue to dominate the national dialog. There is an urgent need to
further strengthen the underlying systems, component products, and services
that we depend on in every sector of the critical infrastructure—ensuring
those systems, components, and services are sufficiently trustworthy and
provide the necessary resilience to support the economic and national
security interests of the United States.

This update to NIST Special Publication 800-53 (Revision 5) responds to the
need by embarking on a proactive and systemic approach to develop and make
available to a broad base of public and private sector organizations, a
comprehensive set of safeguarding measures for all types of computing
platforms, including general purpose computing systems, cyber-physical
systems, cloud and mobile systems, industrial/process control systems, and
Internet of Things (IoT) devices. Those safeguarding measures include
security and privacy controls to protect the critical and essential
operations and assets of organizations and the personal privacy of
individuals. The ultimate objective is to make the information systems we
depend on more penetration resistant to attacks; limit the damage from
attacks when they occur; and make the systems resilient and survivable.

Revision 5 of this foundational NIST publication represents a one-year
effort to develop the next generation security and privacy controls that
will be needed to accomplish the above objectives. It includes changes to
make the controls more consumable by diverse groups including, for example,
enterprises conducting mission and business operations; engineering
organizations developing systems and systems-of-systems; and industry
partners building system components, products, and services. The major
changes to the publication include:

   - Making the security and privacy controls more outcome-based by
   changing the structure of the controls;
   - Fully integrating the privacy controls into the security control
   catalog creating a consolidated and unified set of controls for information
   systems and organizations, while providing summary and mapping tables for
   privacy-related controls;
   - Separating the control selection process from the actual controls,
   thus allowing the controls to be used by different communities of interest
   including systems engineers, software developers, enterprise architects,
   and mission/business owners;
   - Promoting integration with different risk management and cybersecurity
   approaches and lexicons, including the Cybersecurity Framework;
   - Clarifying the relationship between security and privacy to improve
   the selection of controls necessary to address the full scope of security
   and privacy risks; and
   - Incorporating new, state-of-the-practice controls based on threat
   intelligence and empirical attack data, including controls to strengthen
   cybersecurity and privacy governance and accountability.

Your feedback on this draft publication is important to us. We appreciate
each contribution from our reviewers. The very insightful comments from the
public and private sectors, nationally and internationally, continue to
help shape the final publication to ensure that it meets the needs and
expectations of our customers. Comments can be submitted to
sec-cert at nist.gov. NIST anticipates producing the final draft of this
publication in October 2017 and publishing the final version not later than
December 29, 2017.
