Reference: Updated NIST Computer Security Guide, Includes New Privacy Controls Catalog
In order to better meet emerging cybersecurity challenges, the National Institute of Standards and Technology April 30 announced the publication of the fourth revision of a “core” cybersecurity guide [SP 800-53] that includes, for the first time, a privacy controls catalog.
The update to Special Publication (SP) 800-53 includes security controls for new threat contexts, such as: mobile and cloud computing; insider threats; applications security; supply chain risks; advanced persistent threats; and trustworthiness, assurance, and resilience of information systems, the agency said in the statement.
From the NIST Announcement:
SP 800-53, Revision 4 also takes a more holistic approach to information security and risk management. The publication calls for maintaining “cybersecurity hygiene”—the routine best practices that help reduce information security risks—but also appeals for hardening those systems by applying state-of-the-practice architecture and engineering principles to minimize the impacts of cyber attacks and other threats.
The revision also features eight new families of privacy controls that are based on the internationally accepted Fair Information Practice Principles.
Full Text Guide
The full text guide is available direct from NIST (457 pages; PDF).
About Gary Price
Gary Price (email@example.com) is a librarian, writer, consultant, and frequent conference speaker based in the Washington D.C. metro area. He earned his MLIS degree from Wayne State University in Detroit. Price has won several awards, including the SLA Innovations in Technology Award and Alumnus of the Year from the Wayne St. University Library and Information Science Program. From 2006-2009 he was Director of Online Information Services at Ask.com. Gary is also the co-founder of infoDJ, an innovation research consultancy supporting corporate product and business model teams with just-in-time fact and insight finding.