#1
27th September 2014, 11:13 AM
National institute of standards and technology nist special publication 800 53
Please tell me about National Institute of Standards and Technology (NIST)’s special publication 800 53?
#2
27th September 2014, 12:04 PM
Re: National institute of standards and technology nist special publication 800 53
As you want to know about National Institute of Standards and Technology (NIST)’s special publication 800-53, I would like to inform you that NIST 800-53 is a publication that recommends security controls for federal information systems and organizations and documents security controls for all federal information systems, except those designed for national security.

The name of the NIST 800-53 publication is "Security and Privacy Controls for Federal Information Systems and Organizations". It provides a catalog of security controls for all U.S. federal information systems except those related to national security.

NIST 800-53’s Draft:

Third Draft

The third version of NIST's Special Publication 800-53 document incorporates several recommendations from people who commented on previously published versions. Significant changes in this revision of the document include the following:

• A simplified, six-step risk management framework;
• Additional security controls and enhancements for advanced cyber threats;
• Recommendations for prioritizing security controls during implementation or deployment;
• Revised security control structure with a new references section;
• Elimination of security requirements from supplemental guidance sections;
• Guidance on using the risk management framework for legacy information systems and for external information system services providers;
• Updates to security control baselines based on current threat information and cyber attacks;
• Organization-level security controls for managing information security programs;
• Guidance on the management of common controls within organizations; and
• Strategy for harmonizing FISMA security standards and guidelines with international security standard ISO/IEC 27001

Fourth Draft

Key focus areas include the following:

• Insider threats;
• Software application security (including web applications);
• Social networking, mobile devices, and cloud computing;
• Cross domain solutions;
• Advanced persistent threats;
• Supply chain security;
• Industrial/process control systems;
• Privacy