The planned release of NIST Special Publication 800-53, Revision 5, Security and Privacy Controls for Systems and Organizations (Initial Public Draft), on March 28 has been delayed. The publication is still undergoing internal review. We hope to be able to release the publication in the very near future. Here are a few highlights from the Notes to Reviewers that will give you a preview of what to expect in Revision 5--
" …This update to NIST Special Publication 800-53 embarks on a proactive and systemic approach to develop and make available to a broad base of public and private sector organizations, a comprehensive set of safeguarding measures for all types of systems, including general purpose computing systems, cyber-physical systems, cloud and mobile systems, industrial/process control systems, and IoT devices. Those safeguarding measures include security and privacy controls to protect the critical and essential operations and assets of organizations and the personal privacy of individuals. The ultimate objective is to make the systems we depend on more penetration resistant to attacks; limit the damage from attacks when they occur; and make the systems resilient and survivable.
Revision 5 of this foundational NIST publication represents a one-year effort to develop the next generation security and privacy controls that will be needed to accomplish the above objectives. It includes significant changes to make the controls more consumable by diverse groups including, for example, enterprises conducting mission and business operations; engineering organizations developing systems and systems-of-systems; and industry partners building system components, products, and services. The major changes to the publication include:
We will continue to keep you updated on the progress of the internal review and the anticipated release date.