NIST Updates Draft Guide For Assessing IT Security

Aug. 5 - The National Institute of Standards and Technology Aug. 1 released a draft update of its main guide for assessing the security and privacy controls of federal information systems and networks (SP 800-53A).

The document is one of two complementary publications that provide "basic guidance and recommendations for ensuring data security and privacy protection in federal information systems and organizations," NIST said in a statement. The other document is "Security and Privacy Controls for Federal Information Systems and Organizations."

"If SP 800-53 is all about planning for appropriate controls to safeguard an information system, SP 800-53A is a methodology for determining how well you did," NIST explained.

SP 800-53A, which was last updated in 2010, contains new assessment procedures for the SP 800-53 security controls and includes a new appendix containing the assessment procedures in development for privacy controls. Public comments are due by Sept. 26.

The draft fourth revision of "Assessing Security and Privacy Controls in Federal Information Systems and Organizations" (SP 800-53A) is available at http://csrc.nist.gov/publications/drafts/800-53a/sp800_53a_r4_draft.pdf.