National Institute of Standards and Technology (NIST) announced the Final Release of Special Publication (SP) 800-53, Revision 4, “Security and Privacy Controls for Federal Information Systems and Organizations” on April 30, 2013. The new revision replaces SP 800-53, Revision 3, which has been in use since 2009. Unlike other early standards, which were primarily used by the civilian agencies to comply with FISMA, Revision 4 provides a framework that will apply to the civilian agencies, the Department of Defense (DoD), and the Intelligence Community (IC). It was drafted based on the federal information security strategy of “Build It Right, Then Continuously Monitor.”

Revision 4 addresses new cyber security threats that merged over the years. It ensures the systems that are under continuous monitoring are trustworthy to begin with. New security controls and enhancements have been developed to address many areas like, mobile and cloud computing, insider threats, and supply chain security.

FISMA-NIST Solution Brief

Download Solution Brief

Some major changes and enhancements of Revision 4 include:

  • New controls and control enhancements, with more descriptive language. The number of controls and enhancements has increased from over 600 to well over 800.
  • New privacy controls and implementation guidance based on “Fair Information Practice Principles”.
  • Creation of overlay that allows agencies to tailor security control baselines and to develop their specialized security plan based on their missions/environments.

This site uses cookies to store information on your computer. Some are essential to make our site work; others help us improve the user experience. By using the site, you consent to the placement of these cookies. Read our Privacy Statement to learn more.

I Accept