Most software needs updating after its initial release to address bugs, newly identified vulnerabilities, and revisions to features and functionality. But software patches and other changes can introduce new cybersecurity and privacy risks and can impair operations if not managed effectively. To support successful, secure software updates and patches, the National Institute of Standards and Technology (NIST) has finalized modifications to its catalog of security and privacy safeguards to assist both the developers who create patches and the organizations that receive and implement them in their own systems.
Many IT professionals will instantly recognize this catalog as one of NIST’s flagship risk management publications: Security and Privacy Controls for Information Systems and Organizations (NIST Special Publication (SP) 800-53). It is a comprehensive catalog of security and privacy safeguards, called controls, for strengthening the systems, products and services that underlie the nation’s businesses, government and critical infrastructure.