November 24, 2020

Privacy: NIST Crafts Next-Generation Safeguards for Information Systems and the Internet of Things

From the National Institute for Standards and Technology (NIST):

Information systems—from communications platforms to internet-connected devices—require both security and privacy safeguards to work successfully and protect users in our increasingly complex and interconnected world.

Toward these ends, the National Institute of Standards and Technology (NIST) has issued a new draft revision of its widely used Special Publication (SP) 800-53, Security and Privacy Controls for Information Systems and Organizations. Developed by a joint task force consisting of representatives of the civil, defense and intelligence communities, the draft fifth revision of SP 800-53 represents an ongoing effort to produce a unified information security framework for the federal government.

However, the latest draft goes beyond both information security and the federal government to address ways all kinds of organizations can maintain security and privacy in their interconnected systems.

[Clip]

Privacy is now fully integrated throughout the new draft, a first for any control catalog. “This revision covers the overlap in security and privacy for systems, as well as the ways in which they are distinct,” said NIST senior privacy policy advisor Naomi Lefkovitz. “It also enhances the ability for both professional teams to collaborate yet still maintain their respective authorities.” SP 800-53 Revision 5 adds two new control families that focus solely on privacy; the remaining privacy controls are integrated throughout the rest of the control families.

For example, one privacy control addresses the data captured by sensors such as those used in traffic-monitoring cameras in smart cities. The control advises configuring such sensors in a way that minimizes their capturing data about individuals that’s not necessary for the traffic-monitoring system to carry out its function.

While previous versions targeted federal agencies, other organizations, particularly industry, are voluntarily adopting SP 800-53. The controls have been updated to address the needs of the more diverse user group, including enterprise-level security and privacy professionals, component product developers, and systems engineers who are now working on privacy and security.

Direct to Full Text: Draft Special Publication (SP) 800-53, Security and Privacy Controls for Information Systems and Organizations (Revision 5)
494 pages; PDF.

About Gary Price

Gary Price (gprice@mediasourceinc.com) is a librarian, writer, consultant, and frequent conference speaker based in the Washington D.C. metro area. Before launching INFOdocket, Price and Shirl Kennedy were the founders and senior editors at ResourceShelf and DocuTicker for 10 years. From 2006-2009 he was Director of Online Information Services at Ask.com, and is currently a contributing editor at Search Engine Land.

Share