Commentary by Mark Wahl, CISA
New NIST list of security controls (20090211)
Last week NIST released a new draft of SP 800-53, Recommended Security Controls for Federal Information Systems and Organizations. They write that this is the first major update of Special Publication 800-53 since its initial publication in December 2005.
The draft specification SP800-53 Rev 3 (PDF) contains an introductory overview of risk management and the selection and use of security controls, and new material on industrial control systems and other topics (there is a summary of changes on page viii), but as before the bulk of the document is the security control catalog, to which has been added a table mapping the controls to ISO/IEC 27001.
NIST are accepting comments until March 27, 2009.