The National Institute of Standards and Technology (NIST) updated Special Publication 800-53, the agency’s main security guidance, for the first time in seven years with new recommendations on supply chain, privacy, and cyber resiliency.
“Our objective is to make the information systems we depend on more resistant to cyberattacks,” Ron Ross, NIST fellow and one of the publication’s authors, said in a March 16 press release. “We want to limit the damage from those attacks when they occur, make the systems cyber-resilient, and at the same time protect the security and privacy of information.”
The fifth revision of the guidance fully integrates privacy protocols into the security standards. In previous editions of the guide, privacy was just an appendix. NIST also boosts its focus on supply chain security, calling it “one of the most vulnerable aspects of global commerce.” Improved state-of-the-practice controls are based on new threat intelligence and cyberattack data to better support organizations’ cyber resiliency.
“Revision five is important because threats, vulnerabilities and technology are evolving on a daily basis. It’s critical for us that the controls remain up to date and agile,” Dominic Cussatt, principal deputy assistant secretary and deputy CIO at the Department of Veterans Affairs, said.
NIST is accepting public comments on the updated draft through May 15.