NIST to Update Premier Guidance

Revision to SP 800-53 Expected by Mid-December
NIST will update one of its premier risk management publications - SP 800-53: Recommended Security Controls for Federal Information Systems and Organizations - in mid-December and is seeking suggestions from the government IT security community and academia on how the guidance can be improved.

The National Institute of Standards and Technology says the 2011 initiative will update the catalog's security controls, control enhancements and supplemental guidance, and will also revise the supporting guidance that forms key elements of the control selection process.

NIST says the revised guidance will focus on, but not be limited to, insider threats; software application security, including web applications; social networking, mobile devices and cloud computing; cross-domain solutions; advanced persistent threats; supply chain security; industrial/process control systems; and privacy.

The SP 800-53 revision is being headed by Ron Ross, project leader of NIST's Federal Information Security Management Act implementation project and the Joint Task Force Transformation Initiative, who characterizes the publication as a large, robust catalog of security controls that helps organizations get the best bang for their IT security bucks. "That really is to me what the risk management framework does best, and helps decision makers come to good, credible risk-based decisions on how they should protect their organizations," he said in a December interview (see Managing Risk: Why It's a Hot Topic).

SP 800-53 is one of five foundational publications being developed by the Joint Task Force - a partnership that includes NIST, the Department of Defense, the intelligence community and federal civilian agencies (see Involving Non-Tech Agency Brass in Infosec) - to create a unified information security framework for the federal government and its contractors. The Joint Task Force initially released SP 800-53, Revision 3, in August 2009. That revision provided the first combined catalog of management, operational and technical security controls for both national security systems and non-national security systems.

NIST says that, in an effort to keep pace with a growing threat space characterized by an ever-increasing number of cyberattacks against federal information systems, it will produce a comprehensive catalog of cutting-edge safeguards and countermeasures to help protect the core missions and business functions of the federal government and U.S. critical infrastructure. NIST says the guidance will be updated biannually.

Those interested in submitting suggestions should contact Ross at

About the Author

Eric Chabrow

Retired Executive Editor, GovInfoSecurity

Chabrow, who retired at the end of 2017, hosted and produced the semi-weekly podcast ISMG Security Report and oversaw ISMG's GovInfoSecurity and InfoRiskToday. He's a veteran multimedia journalist who has covered information technology, government and business.