Cloud Controls Matrix

  • 1.  NIST Launching Today | New Online Tool to Improve Stakeholder Engagement with Security and Privacy Controls

    Posted Sep 28, 2021 07:10:00 AM
    Hi All,

    @Daniele Catteddu


    Launching Today | New Online Tool to Improve Stakeholder Engagement with Security and Privacy Controls

    We've heard your feedback about improving the usability of our most downloaded NIST publication, Special Publication (SP) 800-53! We have now made it available in additional data formats (e.g., CSV, XML, OSCAL, and online) and have improved the overall accessibility of the document. In response to your suggestions (and in the spirit of the NIST publication development principles), we have also developed a new online tool to allow stakeholders to provide real-time input and plan for future changes. This tool is a model for how standards and guidelines can keep pace with changes in technology and society, encourage all stakeholders to participate in the NIST standards/publication development and review process, and modernize how certain types of publications are issued in a more user-friendly manner.

    The NIST SP 800-53 Controls Public Comment Site now enables stakeholders to:

    • Keep up to date with the SP 800-53 controls and SP 800-53B control baselines, and access the most current controls in multiple data formats to manage cybersecurity, privacy, and supply chain risk.

    • Provide feedback more easily on the controls and baselines and track how feedback is addressed. Users can comment and provide suggestions on the controls, control enhancements, and control baselines at any time. Users will also receive automated updates on the status of submitted comments and suggestions.

    • Participate in comment periods to review draft controls and changes to control baselines proposed for a future release of SP 800-53 and SP 800-53B. During public comment periods, reduce the level of effort needed to review and comment on proposed changes, engage with other stakeholders about proposed changes, and provide feedback to NIST via the SP 800-53 Public Comment Site.

    • Prepare for updates to SP 800-53 and SP 800-53B. With a new regular update schedule, stakeholders can better allocate resources to participate in the NIST feedback process, as well as plan for and preview updates to SP 800-53.

    Learn more about the NIST SP 800-53 Controls Public Comment Site. We are excited about this tool and the opportunity to modernize how NIST solicits input from users, coordinates public comment periods, and issues future revisions to NIST SP 800-53. This is only the first step! Future plans include making the control assessment procedures available as part of the online platform – allowing stakeholders to comment on and preview control and assessment procedures together.
    We look forward to your comments and ideas on the SP 800-53 controls. Check out our new site and all of the resources (more information, user guide, FAQ), and contact us with any questions or comments at [email protected]. Also, see our new infographic on how to engage, submit, and view comments.

    NIST Cybersecurity and Privacy Program
    NIST Computer Security Division (CSD)
    Questions/Comments about this notice: [email protected]
    CSRC Website questions: [email protected]

    ------------------------------
    Michael Roza CPA, CISA, CIA, MBA, Exec MBA
    ------------------------------


  • 2.  RE: NIST Launching Today | New Online Tool to Improve Stakeholder Engagement with Security and Privacy Controls

    Posted Sep 28, 2021 07:16:00 AM
    Hi All,

    @Daniele Catteddu

    The links are as follows:

    The online version of 800-53: https://csrc.nist.gov/Projects/risk-management/sp800-53-controls/release-search#!/800-53 
    Online Feedback: https://csrc.nist.gov/Projects/risk-management/sp800-53-controls/public-comments#!/home

    ------------------------------
    Michael Roza CPA, CISA, CIA, MBA, Exec MBA
    ------------------------------



  • 3.  RE: NIST Launching Today | New Online Tool to Improve Stakeholder Engagement with Security and Privacy Controls

    Posted Sep 28, 2021 01:55:00 PM
    This is awesome, Michael.
    Gives my team and me some good ideas of what we can do with our own NZ ISM national technical policy & controls manual.
    We are already investigating OSCAL as an option, and hope to soon be launching on a new web platform (allowing us to be more innovative). https://nzism.gcsb.govt.nz/

    Best Wishes,
    Phil Cutforth
    Manager, Office of Govt CISO, New Zealand

    ------------------------------
    Phil Cutforth
    Manager, INFOSEC Policy and Research
    NZ GCISO
    ------------------------------



  • 4.  RE: NIST Launching Today | New Online Tool to Improve Stakeholder Engagement with Security and Privacy Controls

    Posted Sep 28, 2021 02:09:00 PM

    Hi Phil,

    I took a look. Very impressive!

    I'm looking forward to tracking your progress.

    Best regards,






  • 5.  RE: NIST Launching Today | New Online Tool to Improve Stakeholder Engagement with Security and Privacy Controls

    Posted Sep 29, 2021 11:00:00 PM
    Thanks, Michael!
    Indeed very well done.

    And this is also the direction we have taken with CCM (we have the YAML version), and we keep on working on machine-readable versions of CCM.

    The change request/feedback form is something I'd like to add to our CCM process.


    ------------------------------
    Daniele Catteddu
    CTO
    Cloud Security Alliance
    ------------------------------