NIST announces the release of Draft Special Publication 800-53, Revision 4, Appendix H, International Information Security Standards, Security Control Mappings for ISO/IEC 27001:2013. (NOTE: This draft Appendix H for SP 800-53 Revision 4 has been approved as final and was incorporated into the updated SP 800-53 Revision 4 document in January 2015.) This update to Appendix H was initiated due to the 2013 revision to ISO/IEC 27001, which occurred after the final publication of SP 800-53, Revision 4. In addition to considering the new content in ISO/IEC 27001 for the mapping tables, new mapping criteria were employed in conducting the mapping analysis. The new criteria are intended to produce more accurate results; that is, to successfully meet the mapping criteria, the implementation of the mapped controls should result in an equivalent information security posture. While mapping exercises may, by their very nature, include a degree of subjectivity, the new criteria attempt to minimize that subjectivity to the greatest extent possible.
Comment period CLOSED on: September 26, 2014. Questions? Send email to: sec-cert@nist.gov
Security and Privacy: general security & privacy, privacy, privacy controls, security controls
Laws and Regulations: Federal Information Security Modernization Act, Homeland Security Presidential Directive 12