The U.S. National Institute of Standards and Technology (NIST) issues numerous standards, guides and directions on a wide variety of technology and security issues.
Most readers are familiar with the benefits provided by the Cybersecurity Framework and the NIST Computer Security Resource Center (CSRC). Governments around the world, as well as small, medium and large companies, have benefitted greatly from the excellent work produced by NIST on a wide variety of topics.
Recently Updated NIST Guidance
Over the past few months, NIST has released two very significant documents that deserve the attention of the cyber industry, both in the U.S. and worldwide.
First was the release of NIST SP 800-53 Rev. 5, entitled “Security and Privacy Controls for Information Systems and Organizations,” in September 2020. The abstract describes the document this way:
“This publication provides a catalog of security and privacy controls for information systems and organizations to protect organizational operations and assets, individuals, other organizations, and the Nation from a diverse set of threats and risks, including hostile attacks, human errors, natural disasters, structural failures, foreign intelligence entities, and privacy risks. The controls are flexible and customizable and implemented as part of an organization-wide process to manage risk. The controls address diverse requirements derived from mission and business needs, laws, executive orders, directives, regulations, policies, standards, and guidelines. Finally, the consolidated control catalog addresses security and privacy from a functionality perspective (i.e., the strength of functions and mechanisms provided by the controls) and from an assurance perspective (i.e., the measure of confidence in the security or privacy capability provided by the controls). Addressing functionality and assurance helps to ensure that information technology products and the systems that rely on those products are sufficiently trustworthy.”
NIST also posted a spreadsheet of (Read more…)
Get your CompTIA A+, Network+ White Hat-Hacker, Certified Web Intelligence Analyst and more starting at $35 a month. Click here for more details.