The National Institute of Standards and Technology (NIST) Information Technology Laboratory (ITL) has announced both an updated, and a new initial draft publication, over the past two weeks that is fairly significant to most of us in the security field. The NIST ITL group is charged with ‚??promote U.S. innovation and industrial competitiveness by advancing measurement science, standards, and technology through research and development in information technology‚?Ě.
NIST ITL has published an online database of controls for NIST 800-53 rev. 4 ‚??Recommended Security Controls for Federal Information Systems and Organizations‚?Ě. This will enable organizations to quickly search and download the catalog of security controls and procedures defined in this publication. The link above contains additional information, as well as a link to the files available for download for both revisions 3 and 4 of NIST 800-53.
The second release is an initial publication of NIST 800-160 ‚??Systems Security Engineering: An Integrated Approach to Building Trustworthy Resilient Systems‚?Ě. This document is an excellent source of information for all security professionals, whether in the role of a Security Engineer as a full time position, or an Operations Analyst who is part of a ‚??one stop shop‚?? for delivery and operations of security systems. The document does a good job of explaining how Security integrates into the planning, design, and delivery of systems, and how our efforts integrate with the overall systems engineering program. I hope to have some time for a more comprehensive summary in the coming weeks as this is one of the most useful publications I‚??ve seen come out of NIST in a number of years.
tony d0t carothers --gmail
May 26th 2014
5 years ago