Comment Deadline Approaching for NIST Information Security Framework

The public comment period for the National Institute of Standards and Technology’s (NIST) draft Revision 5 of Special Publication 800-53, “Security and Privacy Controls for Information Systems,” began on August 15th and ends on Tuesday, September 12. The newest draft of SP 800-53 is part of a continuing drive to create a “unified information security framework for the federal government.” Though specifically geared towards creating a framework for the government, the draft also has useful and practical implications for organizations across all sectors. To deemphasize the focus on the federal government specifically, this revision removes the word “federal” from the draft.

The framework is built around what the draft calls “controls”: protections an organization can put in place to secure its systems and the people who rely on those systems. A significant addition in Revision 5 is a distinct set of controls that focus specifically and solely on data privacy concerns and protection. One example of these privacy controls being touted by NIST concerns traffic monitoring cameras, and protocols for configuring cameras and other sensors so as not to capture more data about individuals unconnected to the traffic monitoring task at hand. NIST notes that the same protocol could be used by a private organization that uses cameras to monitor traffic flow or other conditions within its organization.

The comment period for this draft is currently open, with comments requested by September 12, 2017. Comments should be sent to sec-cert@nist.gov.