On November 6th, the National Institute of Standards and Technology (NIST) issued an update to SP 800-53, a NIST-curated catalog of controls that organizations can implement to effectively manage security and privacy risk. In this blog we’ll cover the new and updated controls within patch release 5.1.1, as well as review how Rapid7 InsightCloudSec helps security teams implement and continuously enforce them across their organizations. Let’s dive right in.
Updates to NIST SP 800-53 Compliance Pack: What You Need to Know About Revision 5.1.1
Unlike the large revision that occurred a few years back when Revision 5 was released - which brought with it nearly 270 control updates in aggregate - this update doesn’t have quite the far-reaching implications. That said, there are a few changes to be aware of. Release 5.1.1 added one new control with three supporting control enhancements, along with some minor grammar and formatting structure changes to other existing controls. Organizations are not mandated to implement the new control and have the option to defer implementation until SP 800-53 Release 6.0.0 is issued, however there is no defined timeline for when 6.0.0 will be released.
While there is no mandate at this time, the team here at Rapid7 generally advises our customers to adopt new patch releases immediately to ensure alignment with the most up-to-date best practices and that your team is covered for emerging attack vectors. In this case, we recommend adopting 5.1.1 primarily to ensure you’re effectively implementing encryption and authentication controls across your environment.
The ne ..
Support the originator by clicking the read the rest link below.
){kind=link}