NIST Updates FISMA Recommendations
William Jackson writes on GCN.com:
The National Institute of Standards and Technology has released an initial draft for public comment of a revised version of its Recommended Security Controls for Federal Information Systems and Organizations.
Although this is Revision 3 [.pdf] of Special Publication (SP) 800-53, NIST calls it the first major update of the guidelines since its initial publication in December 2005. NIST tries to revisit its security guidance every two years and update them as needed, said senior computer scientist Ron Ross. But revising a 200-plus-page comprehensive set of recommendations is expensive and time-consuming.
“We don’t want to undertake it unnecessarily,” Ross said. “But the threat environment has changed quite a bit and we’ve learned a lot in that time from the agencies in their implementation of the controls. All of this made a compelling need to do an update.”
SP 800-53 is part of a series of documents setting out standards, recommendations and specifications for implementing the Federal Information Security Management Act (FISMA).