NIST Releases Special Publication 800-53A Revision 5

The National Institute of Standards and Technology (NIST) has released their finalized version of the Assessing Security and Privacy Controls in Information Systems and Organizations.

The final version of the Special Publication (SP) 800-53A Revision 5, Assessing Security and Privacy Controls in Information Systems and Organizations (SP 800-53A Revision 5), comes after an initial draft copy and the required comment period.

The NIST press release outlines several key updates and points related to the SP 800-53A Revision 5 outlined below: 

  • The revision corresponds with the security and privacy controls in SP 800-53 Revision 5 and provides a methodology and set of assessment procedures to verify that the controls are implemented, meet stated control objectives and achieve the desired security and privacy outcomes
  • The revision includes new assessment procedures that address recently added and updated privacy and supply chain risk management controls in SP 800-53 Revision 5
  • The revision introduces a new structure for assessment procedures to better support the use of automated tools, improve the efficiency of control assessments for assessors and organizations and support continuous monitoring and ongoing authorization programs 
  • SP 800-53A assessment procedures are flexible, provide a framework and starting point for control assessments and can be tailored to the needs of organizations and assessors
  • SP 800-53A facilitates security and privacy control assessments conducted within an effective risk management framework

The full version of the NIST SP 800-53A Revision 5 is available at https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53Ar5.pdf and the abstract reads:

This publication provides a methodology and set of procedures for conducting assessments of security and privacy controls employed within systems and organizations within an effective risk management framework. The assessment procedures, executed at various phases of the system development life cycle, are consistent with the security and privacy controls in NIST Special Publication 800-53, Revision 5. The procedures are customizable and can be easily tailored to provide organizations with the needed flexibility to conduct security and privacy control assessments that support organizational risk management processes and are aligned with the stated risk tolerance of the organization. Information on building effective security and privacy assessment plans is also provided with guidance on analyzing assessment results.

NIST is a non-regulatory federal agency within the U.S. Department of Commerce. NIST's mission is to promote U.S. innovation and industrial competitiveness by advancing measurement science, standards and technology in ways that enhance economic security and improve our quality of life. NIST promotes their mission by developing special publications that are devoted to specific information security topics.

For more information on our NIST services visit www.schneiderdowns.com/cybersecurity/nist or contact the team at [email protected].

About Schneider Downs Cybersecurity

The Schneider Downs cybersecurity practice consists of experts offering a comprehensive set of information technology security services, including penetration testing, intrusion prevention/detection review, ransomware security, vulnerability assessments and a robust digital forensics and incident response team. For more information, visit www.schneiderdowns.com/cybersecurity or contact the team at [email protected].

In addition, our Digital Forensics and Incident Response teams are available 24x7x365 at 1-800-993-8937 if you suspect or are experiencing a network incident of any kind.

 

You’ve heard our thoughts… We’d like to hear yours

The Schneider Downs Our Thoughts On blog exists to create a dialogue on issues that are important to organizations and individuals. While we enjoy sharing our ideas and insights, we’re especially interested in what you may have to say. If you have a question or a comment about this article – or any article from the Our Thoughts On blog – we hope you’ll share it with us. After all, a dialogue is an exchange of ideas, and we’d like to hear from you. Email us at [email protected].

Material discussed is meant for informational purposes only, and it is not to be construed as investment, tax, or legal advice. Please note that individual situations can vary. Therefore, this information should be relied upon when coordinated with individual professional advice.

© 2023 Schneider Downs. All rights-reserved. All content on this site is property of Schneider Downs unless otherwise noted and should not be used without written permission.

our thoughts on
President Biden Signs Executive Order on Safe, Secure, and Trustworthy Artificial Intelligence
SEC Charges SolarWinds and CISO Timothy Brown For Misleading Investors
Think Before You Click: Fake Browser Updates are Back in Style
Protect Your Manufacturers: 3 Common Cyber Attack Methods to Watch Out for in 2023
Protect Your Students, Faculty and Staff: 3 Common Cyber Attack Methods to Watch Out for in 2023
Americans with Disabilities Act – What to Know about Web Content Accessibility Guidelines 2.1
Register to receive our weekly newsletter with our most recent columns and insights.
Have a question? Ask us!

We’d love to hear from you. Drop us a note, and we’ll respond to you as quickly as possible.

Ask us
contact us
Pittsburgh

This site uses cookies to ensure that we give you the best user experience. Cookies assist in navigation, analyzing traffic and in our marketing efforts as described in our Privacy Policy.

×