IT Compliance and Controls

Converging Business, Information, and Controls


Recommended Security Controls – Info Security, 800-53 Feedback Requested

February 6th, 2009 · No Comments

The NIST 800-53 Public Draft is out for review and your feedback! I strongly encourage everyone to review the controls and provide industry input, so that this landmark guidance document remains relevant and sufficient against the threats that exist.

“The specific changes in Special Publication 800-53, Revision 3 include:

  • Restructuring of security controls to include specific requirements previously stated in Supplemental Guidance;
  • Adjusting security control/control enhancement allocations to security control baselines;
  • Eliminating security controls and control enhancements that are redundant or no longer needed;
  • Incorporating the revised, simplified, six-step Risk Management Framework;
  • Strengthening selected security controls by adding new security control enhancements;
  • Adding security program management controls that affect organizations, at large, including areas such as capital planning and budgeting, enterprise architecture, and risk management;
  • Providing additional guidance on the management of common controls within organizations;
  • Adding security controls and control enhancements for advanced cyber threats, including supply chain threats;
  • Introducing a three-part strategy for harmonizing the FISMA security standards and guidelines with international security standards including an updated mapping table for security controls in ISO/IEC 27001 (Annex A); and
  • Updating supporting appendices including references, glossary, and acronyms.”

To put the importance of this standard in perspective: this document is used by thousands of organizations worldwide as both a template and a baseline. As threats evolve, the baseline must shift with them, but that requires everyone to move in concert to raise the total level of resilience. It is critical that a careful eye be placed on this standard, to ensure the sufficiency of the controls, the clarity of the safeguards, and the completeness of the approach.

“Only you can prevent forest fires” – wholly applicable,

James DeLuccia IV

Hat tip to Dan Philpott and Taylor Banks for the heads up!
