GovLoop

What Do the NIST Special Publication 800-53 Updates Mean for You?

Your agency has terabytes of data that must be secured properly at all times. However, it can be challenging to provide privileged access – meaning the right people have access to the right data sets at the right time. This aspect of security is key to keeping your agency’s data protected.

To make sure that all federal agencies are meeting security and privacy standards for data management, Congress passed the Federal Information Security Management Act of 2002 (FISMA). The Act requires federal agencies to develop, document and implement agency-wide programs to provide information security for the agency’s systems.

The National Institute of Standards and Technology (NIST) is responsible for developing these standards and guidelines. One of NIST’s most pertinent publications is Security and Privacy Controls for Federal Information Systems and Organizations, also known as SP 800-53. The publication is a catalog of security and privacy controls for federal information systems and organizations and provides a process for selecting controls to protect organizational operations and assets from threats, including cyberattacks.

The publication is currently on its fourth iteration, but NIST is preparing to release the fifth version in the near future. To talk more about what the fifth revision of the document looks like and better understand how leveraging it can help keep agencies FISMA compliant, GovLoop sat down with Vicky Yan Pillitteri, Advisor for Information System Security at NIST, and Shunta Sharod Sanders, Senior Sales Engineer of Federal at BeyondTrust.

From their discussion, we learned what is changing in SP800-53 version five and how agencies can leverage tools to maintain FISMA compliance.

NIST Special Publication 800-53

To understand how NIST could enhance the tools put forth in SP 800-53, Pillitteri and her team talked and coordinated with stakeholders to develop necessary changes. A few of the most pertinent alterations include:

Leveraging Tools and Practices to Remain FISMA compliant

It is critical for agencies to have a clear understanding of SP 800-53 and the controls found within it because the publication helps them achieve FISMA compliance. Two of these controls particularly help agencies avoid breaches.

Sanders concluded by emphasizing that a secure environment is born from FISMA compliance. “Despite all the hard work that goes into preventative measures, there isn’t a silver bullet to meet all cyber needs and you may still experience a breach at your agency,” Sanders explained. “Leveraging a unified approach can reduce vulnerability and instances of attack.”

Waiting at the edge of your seat for SP800-53 version five to be released? Don’t worry. Pillitteri assured that a draft of the new version will be available to the public soon and that she and her team at NIST are looking forward to feedback from users across sectors.
