I’m happy to announce the release of NIST SP 800-53 Revision 4 as Archer content. This newest addition to the library is offered as a full-text authoritative source with over 1,100 mappings to Archer Control Standards.
Special Publication 800-53 is one of the foremost security control catalogs in the world. This latest version reflects a multiyear effort on the part of NIST to refine the control set and expand it with additional coverage for current and emerging trends in various technology areas. With a title of “Security and Privacy Controls for Federal Information Systems and Organizations”, SP 800-53 is often mischaracterized as only being relevant to the public sector. However, the control catalog and methodology serve as an excellent baseline resource for any company looking to rationalize and improve its security control environment. The Presidential Policy Directive and Executive Order released earlier this year underscore the trend toward public and private sector security practices beginning to align. Guidance provided by NIST will be deeply integrated into these public initiatives, so it’s worth turning to SP 800-53 as a reference whenever security control designs are being considered.
If you caught our webcast with Dr. Ron Ross earlier this year, you’ll recall that one of the major updates in SP 800-53 Rev 4 is the addition of a new family of privacy controls. This is a big deal since NIST has only added one other control family since the inception of 800-53. Another new element is the introduction of the “overlay” concept. Think of this as an additional way to uniquely identify and allocate controls by overlaying the deployment context of the platform being protected. These additions further illustrate a growing overlap of security concerns shared by public and private sector organizations alike, and complement a concerted effort by NIST to reach out and collaborate with the private sector.
With the addition of Revision 4 in Archer, together with 800-53A as Archer Control Procedure content released earlier this year, you have everything you need to drive a serious security control assessment program or transition your existing program to the latest version as part of your security control environment lifecycle management process.
If you’d like a deeper dive on using SP 800-53 Rev 4, be sure to check out our upcoming webcast on September 12, 2013.