Updated: Oct 7, 2020
The U.S. National Institute of Standards and Technology this week released a long-awaited guidance update, Special Publication 800-53 Revision 5, describing "next-generation security and privacy controls" and how to use them.
"This publication provides a catalog of security and privacy controls for information systems and organizations to protect organizational operations and assets, individuals, other organizations and the nation from a diverse set of threats and risks, including hostile attacks, human errors, natural disasters, structural failures,
foreign intelligence entities and privacy risks," according to the document.
The update provides a list of security and privacy controls for managing IT systems, with a special emphasis on those that process or store personally identifiable information.
Changes include new guidelines on strengthening existing controls within IT systems, and making them more adaptable to organizations using modern technologies and platforms, such as cloud computing, mobile devices and IoT devices.