NIST 800-53 Rev. 5 is on the way – have you read the draft? At NuHarbor, we regularly use NIST 800-53 as the controls assessment criteria for both private and public-sector clients. With our guidance, many of our clients have successfully implemented an industry-appropriate risk management strategy, allowing them to manage their risk profile, make risk-informed strategic decisions, and intentionally select, tailor, and implement key security controls. We’ve helped private sector clients adopt and modify the NIST risk management framework and provided guidance on how to build or improve an information security program that efficiently addresses security risk.
One of the flagship tools included in our security assessment approach is NIST 800-53 Rev. 4, Security and Privacy Controls for Federal Information Systems and Organizations. NIST 800-53 Rev. 4 provides a detailed security controls catalog as part of the NIST Risk Management Framework (RMF), and has been adapted, tailored, and modified for use countless times. However, it has now been over five years since the original release of NIST 800-53 Rev. 4, and over three years since the last major content update. According to the current schedule, NIST will release the much-anticipated final public draft of NIST 800-53 Rev. 5 in October 2018, with a planned final publication in December 2018.
While the controls in the current version are still of great value and effectiveness, there have been significant changes in the use of technology, attack vectors, and the threat landscape. With the widespread adoption of the NIST Cybersecurity Framework, private sector organizations are looking to NIST SP 800-53 for supplemental guidance and as a best-practice security controls framework. To help these organizations make the best use of their often constrained security resources and budgets, it’s critical that NIST update this catalog to maintain relevance, address the aforementioned changes, and adhere to new best practices.
In recognition of this changing landscape, NIST has spent significant time and effort working with key public and private sector stakeholders to revise the current document. The latest draft of NIST 800-53 Rev. 5, released August 2017, includes significant changes. The key changes are summarized below:
The current publication release date schedule is as follows:
*Dates are subject to change; information current as of May 16, 2018.
If you’re interested in reviewing the detailed changes of NIST 800-53 Rev. 5, you can find the source documents here:
https://csrc.nist.gov/publications/detail/sp/800-53/rev-5/draft
If you want to keep track of the NIST Risk Management documentation publication schedule, you can find that information here:
https://csrc.nist.gov/projects/risk-management/schedule
NuHarbor will be actively monitoring for future drafts and will revisit this topic in the coming months with a more detailed analysis of specific changes.
Want to chat NIST 800-53? Curious about our NIST-related services? Click here or contact us today!