NIST Releases Special Publication 800-53A Revision 5

The National Institute of Standards and Technology (NIST) has released their finalized version of the Assessing Security and Privacy Controls in Information Systems and Organizations.

The final version of the Special Publication (SP) 800-53A Revision 5, Assessing Security and Privacy Controls in Information Systems and Organizations (SP 800-53A Revision 5), comes after an initial draft copy and the required comment period.

The NIST press release outlines several key updates and points related to the SP 800-53A Revision 5 outlined below: 

• The revision corresponds with the security and privacy controls in SP 800-53 Revision 5 and provides a methodology and set of assessment procedures to verify that the controls are implemented, meet stated control objectives and achieve the desired security and privacy outcomes

• The revision includes new assessment procedures that address recently added and updated privacy and supply chain risk management controls in SP 800-53 Revision 5

• The revision introduces a new structure for assessment procedures to better support the use of automated tools, improve the efficiency of control assessments for assessors and organizations and support continuous monitoring and ongoing authorization programs 

• SP 800-53A assessment procedures are flexible, provide a framework and starting point for control assessments and can be tailored to the needs of organizations and assessors

• SP 800-53A facilitates security and privacy control assessments conducted within an effective risk management framework

The full version of the NIST SP 800-53A Revision 5 is available at https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53Ar5.pdf and the abstract reads:

This publication provides a methodology and set of procedures for conducting assessments of security and privacy controls employed within systems and organizations within an effective risk management framework. The assessment procedures, executed at various phases of the system development life cycle, are consistent with the security and privacy controls in NIST Special Publication 800-53, Revision 5. The procedures are customizable and can be easily tailored to provide organizations with the needed flexibility to conduct security and privacy control assessments that support organizational risk management processes and are aligned with the stated risk tolerance of the organization. Information on building effective security and privacy assessment plans is also provided with guidance on analyzing assessment results.

NIST is a non-regulatory federal agency within the U.S. Department of Commerce. NIST's mission is to promote U.S. innovation and industrial competitiveness by advancing measurement science, standards and technology in ways that enhance economic security and improve our quality of life. NIST promotes their mission by developing special publications that are devoted to specific information security topics.

For more information on our NIST services visit www.schneiderdowns.com/cybersecurity/nist or contact the team at [email protected].

About Schneider Downs Cybersecurity

The Schneider Downs cybersecurity practice consists of experts offering a comprehensive set of information technology security services, including penetration testing, intrusion prevention/detection review, ransomware security, vulnerability assessments and a robust digital forensics and incident response team. For more information, visit www.schneiderdowns.com/cybersecurity or contact the team at [email protected].

In addition, our Digital Forensics and Incident Response teams are available 24x7x365 at 1-800-993-8937 if you suspect or are experiencing a network incident of any kind.