Date Published: July 2020
Comments Due: September 11, 2020 (public comment period is CLOSED)
Email Questions to: sec-cert@nist.gov
Planning Note (7/31/2020):
We encourage you to use the comment template to record and submit your comments.
Draft SP 800-53B provides three security control baselines for low-impact, moderate-impact, and high-impact federal systems, as well as a privacy control baseline for systems irrespective of impact level. The security and privacy control baselines have been updated with the controls described in SP 800-53, Revision 5; the content of control baselines reflects the results of a comprehensive interagency review conducted in 2017 and continuing input and analysis of threat and empirical cyber-attack data collected since the update to SP 800-53.
In addition to the control baselines, this publication provides tailoring guidance and a set of working assumptions to help guide and inform the control selection process for organizations. Finally, this publication provides guidance on the development of overlays to facilitate control baseline customization for specific communities of interest, technologies, and environments of operation. The control baselines were previously published in NIST SP 800-53, but moved so that SP 800-53 could serve as a consolidated catalog of security and privacy controls that can be used by different communities of interest.
In addition to your feedback on the three security control baselines, NIST is also seeking your comments on the privacy control baseline and the privacy control baseline selection criteria. Since the selection of the privacy control baseline is based on a mapping of controls and control enhancements in SP 800-53 to the privacy program responsibilities under OMB Circular A-130, suggested changes to the privacy control baseline must be supported by a reference to OMB A-130. Alternatively, you may provide a description and rationale for new or modified privacy control baseline selection criteria.
Your feedback on this draft publication is important to us. We appreciate each contribution from our reviewers from the public and private sectors, nationally and internationally, to help shape NIST publications to ensure they meet the needs and expectations of our customers.
NOTE: A call for patent claims is included on page vi of this draft. For additional information, see the Information Technology Laboratory (ITL) Patent Policy--Inclusion of Patents in ITL Publications.
None selected
Publication:
SP 800-53B (Draft) (DOI)
Local Download
Supplemental Material:
Comment template (xls)
Related NIST Publications:
Document History:
07/31/20: SP 800-53B (Draft)
Security and Privacy
cyber supply chain risk management; general security & privacy; privacy; privacy controls; security controls; security programs & operations