http://www.bankinfosecurity.com/articles.php?art_id=4541

By Eric Chabrow
Bank Info Security
February 29, 2012

More than a year in the making, the National Institute of Standards and Technology issued Feb. 28 an initial public draft updating one of its premier special publications, SP 800-53: Security and Privacy Controls for the Federal Information Systems and organizations, which incorporates expanded privacy controls and addresses new threats that were unheard of when NIST issued revision 3 in 2009.

"The past year, we've taken a thorough scrub at that catalog and we have been able to add a significant number of new controls and enhancements that deal with some of the challenges we have had, and the new technologies that we're routinely using, like mobile and cloud," says Ron Ross, NIST fellow and leader of the institute's Federal Information Security Management Act implementation project.

NIST added the word privacy to the title of the draft guidance, its fourth revision, unveiled at RSA Conference 2012 in San Francisco, because it expands the number of privacy controls to the framework that federal agencies use to protect their information and information systems. "Privacy and security are complementary, so we decided to combine them in SP 800-53," Ross says.

The draft revision also provides controls to handle insider threats, supply chain risk, cloud computing technologies and other cybersecurity challenges as well as application security, firmware integrity, distributed systems and advanced persistent threat.

"The changes we propose in revision 4 are directly linked to the current state of the threat space - the capabilities, intentions and targeting activities of adversaries - and analysis of attack data over time," Ross says.

[...]

Received on Thu Mar 01 2012 - 01:35:37 PST