Are NIST’s Proposed SP 800-53 Additions Just Fad Controls?

We have all heard of the shortcomings of FISMA, which range from poor compliance with infosec guidelines to poor reporting of the required controls for combating threats. With the collaboration of the Department of Defense, Department of Homeland Security, Intelligence Community, and the Committee on National Security Systems, it looks like NIST has released a FISMA revision draft. NIST's proposed revisions incorporate new privacy controls for protecting federal information resources and aim at combating new threats such as cloud computing threats, among others.

(We’d be curious to hear your thoughts on these revisions. Personally, I think we already have all the controls we need to cover these “new” areas … they are just embedded into what’s already there. We do not need new “fad” controls just to be buzzword compliant. If this trend continues, get ready for some new “big data” controls next year. 🙂 Instead, let’s just enhance what we have instead of making it more complicated by bolting new controls on. FISMA guru @danphilpott has his comments as well… His last tweet seems to sync up with my opinion.

NIST released draft SP 800-53 Rev. 4 Security & Privacy Controls for Federal Info Systems & Orgs http://fis.ma/z2RZMx

Gaping hole in security control catalog continues -> Number of times the term ‘application security’ shows up in SP 800-53r4: 1

Surprised by the number of new controls in the SP 800-53r4. Many are not selected at any baseline, which points to why they were added (IC).

Where are these ‘new’ privacy controls people say are in SP 800-53r4 draft? All I see are privacy controls originally released last July.

800-53 privacy controls structure bugs me. Why break them up into their own families? Adds 8 new families to current 17+1 to no effect.

Well onto the original article. -Grecs)

via GSNMagazine.com

The National Institute of Standards and Technology released the draft of what it calls “major” revision proposals to the catalog of federal information security management practices.

The proposals are in draft form and not finalized and the agency is requesting public comments by April 6, 2012.

The revisions to the Federal Information Security Management Act (FISMA) publication, released on Feb. 28, add guidance for combating new information security threats and incorporate new privacy controls to the framework that federal agencies use to protect their information and information systems, said NIST.

Continued here.

#####

Quick reminder, the deadline for the RFC for this draft is April 6, 2012. Please let us know what you think. Today’s post image is from TECH-FAQ.

8 comments for “Are NIST’s Proposed SP 800-53 Additions Just Fad Controls?”

  1. March 7, 2012 at 3:49 pm

    BLOGGED: Are NIST’s Proposed SP 800-53 Additions Just Fad Controls? http://t.co/xYaaZBEi

  2. March 7, 2012 at 4:13 pm

    #NOVABLOGGER: Are NIST’s Proposed SP 800-53 Additions Just Fad Controls? http://t.co/vpOaXU9s http://t.co/Inu1SfcI

  3. March 7, 2012 at 4:41 pm

    Are #NIST’s Proposed SP 800-53 Additions Just Fad Controls?: [nova#infosecportal.com] We have all heard of the… http://t.co/GCjoBl9E

  4. March 7, 2012 at 4:41 pm

    Are #NIST’s Proposed SP 800-53 Additions Just Fad Controls?: [nova#infosecportal.com] We have all heard of the… http://t.co/maUxEDsO

  5. March 7, 2012 at 8:47 pm

    Are NIST’s Proposed SP 800-53 Additions Just Fad Controls? http://t.co/vpOaXU9s

  6. March 7, 2012 at 9:14 pm

    “@grecs: Are NIST’s Proposed SP 800-53 Additions Just Fad Controls? http://t.co/qcVXd975” < Reading…

  7. March 8, 2012 at 3:20 pm

    NIST’s newly proposed 800-53 ctrls .. needed or just a fad? Expect “big data” ctrls in next release. http://t.co/xYaaZBEi

  8. March 8, 2012 at 3:20 pm

    NIST’s newly proposed 800-53 ctrls .. needed or just a fad? Expect “big data” ctrls in next release. http://t.co/vpOaXU9s
