The National Institute of Standards and Technology (NIST) has released an update on Special Publication 800-53 Revision 5, which is the Security and Privacy Controls for Information Systems and Organizations.
The document itself stated, “This publication provides a catalog of security and privacy controls for information systems and organizations to protect organizational operations and assets, individuals, other organizations, and the Nation from a diverse set of threats and risks, including hostile attacks, human errors, natural disasters, structural failures, foreign intelligence entities, and privacy risks.”
The two main takeaways were addressing the strength of security and privacy controls and how confident an organization was in those controls. With new cybersecurity risks emerging for federal government agencies and other organizations, these new guidelines are meant to help people protect their data and avoid cyber attacks altogether.
Most Impactful Changes
Many of the new changes outlined how organizations can strengthen their security measures by adapting them to more modern platforms like cloud computing and Internet of Things devices. In addition to bringing security up to speed in the changing tech landscape, some of the other key changes were:
Federal agencies are required to implement any new updates in the NIST guidelines, as well as their third party contractors. Following these guidelines in the private sector is voluntary, but are encouraged to adopt the new guidelines. NIST Fellow, Ron Ross said that the new guidelines are broad and are flexible to be adapted to any organization. Essentially, these guidelines could potentially save an organization from cyber threats, which is why all groups should review the updated content.
Following Security Standards
SecureData adheres to all privacy and security guidelines required to offer secure and professional data security solutions. Our data recovery service is the most certified in the industry with security controls in the lab, in the communication methods with customers, and the way recovered data is returned to the client.
Our line of hardware encrypted data storage devices is FIPS 140-2 Level 3 Validated for government-tested security and are GDPR and HIPAA Compliant. As a company, we are regularly audited by a third party company to ensure we are meeting industry standards in security and privacy. Learn more about our secure products and service offerings by visiting our website.