NIST Updates Privacy Guidelines for First Time in 7 Years

Laura Bednar, Cybersecurity


The National Institute of Standards and Technology (NIST) has released an update, Special Publication 800-53 Revision 5, Security and Privacy Controls for Information Systems and Organizations.

The document itself stated, “This publication provides a catalog of security and privacy controls for information systems and organizations to protect organizational operations and assets, individuals, other organizations, and the Nation from a diverse set of threats and risks, including hostile attacks, human errors, natural disasters, structural failures, foreign intelligence entities, and privacy risks.”

The two main takeaways were addressing the strength of security and privacy controls and how confident an organization was in those controls. With new cybersecurity risks emerging for federal government agencies and other organizations, these new guidelines are meant to help people protect their data and avoid cyber attacks altogether.

Most Impactful Changes

Many of the new changes outlined how organizations can strengthen their security measures by adapting them to more modern platforms like cloud computing and Internet of Things devices. In addition to bringing security up to speed in the changing tech landscape, some of the other key changes were:

  • Outcome-based controls: The entity responsible for implementing controls is no longer part of the control statement. Instead, the goal is to review the protection outcome that is supposed to be achieved by applying a specific security measure.
  • Centralized catalog of controls: The controls that organizations use to secure information are now in one stand-alone catalog. Different industries and different administrators can all benefit from viewing the general measures in place and designing their own security procedures by choosing which controls best fit their individual procedures.
  • Clarifying language: Better descriptions of the relationship between requirements and controls as well as the connection between security and privacy controls.
  • Supply chain security: The Supply Chain Risk Management control helps organizations to protect products and services in supply chain systems. This keeps national and international supply chains secure, private, and safe from threats.

Federal agencies, as well as their third-party contractors, are required to implement any new updates in the NIST guidelines. Following these guidelines is voluntary in the private sector, but private organizations are encouraged to adopt them. NIST Fellow Ron Ross said that the new guidelines are broad and flexible enough to be adapted to any organization. Essentially, these guidelines could potentially save an organization from cyber threats, which is why all groups should review the updated content.

Following Security Standards

SecureData adheres to all privacy and security guidelines required to offer secure and professional data security solutions. Our data recovery service is the most certified in the industry, with security controls in the lab, in the communication methods with customers, and in the way recovered data is returned to the client.

Our line of hardware-encrypted data storage devices is FIPS 140-2 Level 3 validated for government-tested security and is GDPR and HIPAA compliant. As a company, we are regularly audited by a third-party company to ensure we are meeting industry standards in security and privacy. Learn more about our secure products and service offerings by visiting our website.