The National Institute of Standards and Technology (NIST) announced the final release of Special Publication (SP) 800-53, Revision 4, “Security and Privacy Controls for Federal Information Systems and Organizations” on April 30, 2013. The new revision replaces SP 800-53, Revision 3, which has been in use since 2009. Unlike earlier standards, which were primarily used by the civilian agencies to comply with FISMA, Revision 4 provides a framework that will apply to the civilian agencies, the Department of Defense (DoD), and the Intelligence Community (IC). It was drafted based on the federal information security strategy of “Build It Right, Then Continuously Monitor.”
Revision 4 addresses new cyber security threats that have emerged over the years. It ensures that the systems under continuous monitoring are trustworthy to begin with. New security controls and enhancements have been developed to address areas such as mobile and cloud computing, insider threats, and supply chain security.
Some major changes and enhancements of Revision 4 include:
So get ready for the transition to SP 800-53, Revision 4. This new version will provide a robust yet flexible framework for cyber security across all federal agencies for the next several years.