Matthew Cornelius, Executive Director of the Alliance for Digital Innovation
Earlier this week, the Department of Commerce’s National Institute of Standards and Technology (NIST) released its long-awaited Special Publication (SP) 800-53, revision 5 – “Security and Privacy Controls for Information Systems and Organizations” for final public comment. 800-53 is a landmark document, underpinning the way federal agencies and industry “make the information systems we depend on more penetration resistant; limit the damage from attacks when they occur; make the systems cyber resilient and survivable; and protect individuals’ privacy.”
The integration of security and privacy controls into a comprehensive catalog is essential for the future of networked computing and modern development practices. This multi-year, public/private partnership has produced a substantial, thoughtful, and – importantly – actionable document that can truly drive smarter, better cybersecurity outcomes in our most critical information systems. 800-53 also understands that cloud computing and cloud service providers are fundamental to the future of Federal agency missions – and the document reflects the unique opportunities and security features of cloud services. Further, with the incorporation of guidance and controls to promote greater supply chain security and the explosion in Internet of Things connected devices, NIST and its partners are taking a realistic, practical look at how 800-53 can serve the national interest well into the future.
NIST SPs work best when they are prudent and practical, but have the ability to scale over time to address new technologies, meet emergent needs, and combat new types of threats. ADI applauds NIST and the Joint Task Force for releasing 800-53 for final public comment, and we look forward to sharing our insights and suggestions with the authors during the comment period.