August 15, 2017
NIST invites input on security, privacy controls draft update
The National Institute of Standards and Technology on Tuesday released a draft update of security and privacy controls for public- and private-sector organizations that includes a set of safeguarding measures for all types of computing platforms, including mobile devices and process control systems.
The draft update is for Special Publication 800-53, which contains the baseline privacy and security control standards prescribed for civilian agencies under the Federal Information Security Modernization Act (FISMA). The draft is open for public comment until Sept. 12.
The new document clarifies "the relationship between security and privacy." It also promotes integration of various "risk management" lexicons, such as the NIST Framework for Improving Critical Infrastructure Cybersecurity. As part of NIST's modernization effort, the new draft also incorporates "new, state-of-the-practice controls based on threat intelligence and empirical attack data."
NIST said the ultimate objective "is to make the information systems we depend on more penetration resistant to attacks; limit the damage from attacks when they occur; and make the systems resilient and survivable."
The update may also require the NCUA to revisit its current privacy control practices. In November 2016, NCUA's Office of Inspector General audited NCUA's compliance with FISMA and determined that the agency needed to improve its privacy program. Additionally, the OIG noted that NCUA needed to improve security controls governing state supervisory authority examiner accounts, which may be used to upload or download sensitive credit union information.