14 DAY TRIAL // The National Institute of Standards and Technology (NIST) has recently published an updated version of the “Security and Privacy Controls for Federal Information Systems and Organizations.”
This is the first major update made to the federal cybersecurity guideline since 2005.
As NextGov highlights, government agencies are not required to follow all the specifications in the 456-page guide. Instead, they’re recommended to choose the measures that best suit their needs.
“Special Publication 800-53, Revision 4, provides a more holistic approach to information security and risk management by providing organizations with the breadth and depth of security controls necessary to fundamentally strengthen their information systems and the environments in which those systems operate—contributing to systems that are more resilient in the face of cyber attacks and other threats,” the guide reads.
“This ‘Build It Right’ strategy is coupled with a variety of security controls for ‘Continuous Monitoring’ to give organizations near real-time information that is essential for senior leaders making ongoing risk-based decisions affecting their critical missions and business functions.”
The complete document is available on NIST’s website, here.