NIST Releases Revision to the Security and Privacy Control Catalog 

A revision to NIST’s catalog of security and privacy controls, Special Publication (SP) 800-53, Security and Privacy Controls for Information Systems and Organizations, is available. This revision focuses on improving the security and reliability of software updates and patches in response to Executive Order 14306 on strengthening the Nation’s cybersecurity.

SP 800-53 Release 5.2.0 addresses multiple aspects of the software development and deployment process, including software and system resiliency by design, developer testing, the deployment and management of updates, and software integrity and validation. This update also revises the discussion sections of some existing controls to provide additional scoping and implementation examples. Additionally, SP 800-53A Release 5.2.0 provides corresponding updates to SP 800-53A, Assessing Security and Privacy Controls in Information Systems and Organizations. No changes were made to SP 800-53B, Control Baselines for Information Systems and Organizations, but a new release has been issued for consistency. 

NIST is providing updates to the control catalog through the Cybersecurity and Privacy Reference Tool (CPRT), which allows downloads of machine-readable formats, including OSCAL and JSON. NIST has also adopted a new public engagement tool that allows stakeholders to respond to proposed changes in real time during comment periods, make suggestions at any time, and preview planned updates before the final version is issued.

SP 800-53 Release 5.2.0 is available through CPRT and can be viewed in a browser or downloaded in OSCAL, JSON, and spreadsheet formats. Learn more about this revision, the security and privacy controls, control baselines, and assessment procedures, and other resources supporting the NIST Risk Management Framework.

Please direct questions to the NIST Risk Management Framework Team at sec-cert@nist.gov.
