Ok … maybe we were a little hard on NIST yesterday. In this 8-minute interview with Ron Ross, the point-man for SP 800-53 Rev 4, Security and Privacy Controls for Federal Information Systems and Organizations, GovInfosecurity.com covers some of the core changes of the first major update since 2005.
Some of the interesting takeaways to note include the concept of “overlays” to address mission specific control customizations, a lengthy discussion of the new privacy controls (it’s even in the title now), unofficial online updates to keep pace with the breakneck speed of technology, and the reintroduction of “assurance” to emphasize their built-it-right strategy.
Of course, no NIST security discussion would be complete without touching on continuous monitoring and risk management. Of particular interest is that Revision 4 also represents the culmination of efforts by the Joint Task Force Transformation Initiative Interagency Working Group, with the hope of creating “one set of controls to rule them all” regardless of the area of government in which they are applied.
What do you think of the new 800-53? Let us know in the comments below. See ya!