Control Baselines for Information Systems and Organizations: Draft NIST SP 800-53B

NIST seeks feedback on Draft NIST Special Publication (SP) 800-53B, Control Baselines for Information Systems and Organizations.
SP 800-53B provides three security control baselines for low-impact,
moderate-impact, and high-impact federal systems, as well as a privacy control
baseline for systems irrespective of impact level. The security and privacy
control baselines have been updated with the controls described in SP 800-53,
Revision 5; the content of control baselines reflects the results of a
comprehensive interagency review conducted in 2017 and continuing input and
analysis of threat and empirical cyber-attack data collected since the update
to SP 800-53.

In addition to the control baselines, this publication provides tailoring guidance
and a set of working assumptions to help guide and inform the control selection
process for organizations. Finally, this publication provides guidance on the
development of overlays to facilitate control baseline customization for
specific communities of interest, technologies, and environments of operation.
The control baselines were previously published in NIST SP 800-53, but moved so
that SP 800-53 could serve as a consolidated catalog of security and privacy
controls that can be used by different communities of interest.

In addition to your feedback on the three security control baselines, NIST is also
seeking your comments on the privacy control baseline and the privacy control
baseline selection criteria.  Since the selection of the privacy control
baseline is based on a mapping of controls and control enhancements in SP
800-53 to the privacy program responsibilities under OMB Circular A-130,
suggested changes to the privacy control baseline must be supported by a
reference to OMB A-130.  Alternatively, you may provide a description and
rationale for new or modified privacy control baseline selection

Your feedback on this draft publication is important to us. We appreciate each
contribution from our reviewers from the public and private sectors, nationally
and internationally, to help shape NIST publications to ensure they meet the
needs and expectations of our customers.

A public comment period for this document is open through September 11, 2020.
See the publication for a copy of the draft and instructions for providing
comments (including a comment template spreadsheet for your use).

A call for patent claims is included on page vi of this draft. For additional
information, see the Information
Technology Laboratory (ITL) Patent Policy–Inclusion of Patents in ITL