NIST seeking input for updated security control catalog
The National Institute of Standards and Technology (NIST) is seeking public comments on its 2011 update of the catalog of security controls for the federal government. The catalog provides a set of management, operational and technical safeguards—protective measures—used by federal agencies to help protect federal information systems.

The Recommended Security Controls for Federal Information Systems and Organizations (NIST Special Publication 800-53), which is being updated, is one of the Federal Information Security Management Act (FISMA) publications that federal agencies and their contractors have consulted for the past five years to help achieve more secure information systems.

SP 800-53 is also one of the five foundational publications included in the Joint Task Force Transformation Initiative—a cybersecurity partnership of the Department of Defense, the federal intelligence community and NIST—to develop a unified information security and risk management framework for the federal government. For the first time since the document’s original publication in 2005 and its major updates in 2006 and 2009, NIST is seeking public input prior to developing its updated cybersecurity guidance.

The 2011 initiative will include an update of current security controls, control enhancements and supplemental guidance as well as new tailoring and supplementation guidance that form key elements of the control selection process. Input is requested on, but is not limited to, the following key focus areas for the update:
  • Insider threats;
  • Software application security (including web applications);
  • Social networking, mobile devices and cloud computing;
  • Cross-domain systems;
  • Advanced persistent threats;
  • Supply-chain security;
  • Industrial/process control systems; and
  • Privacy.

The deadline for comment submission is April 29.