The National Institute of Standards and Technology (NIST)...
The National Institute of Standards and Technology (NIST) released revisions Tuesday to Special Publication 800-53, its “foundational” cybersecurity guide for federal agencies; the revisions include new guidelines on advanced persistent threats, foreign manipulation of the global supply chain and smartphone…
Sign up for a free preview to unlock the rest of this article
Timely, relevant coverage of court proceedings and agency rulings involving tariffs, classification, valuation, origin and antidumping and countervailing duties. Each day, Trade Law Daily subscribers receive a daily headline email, in-depth PDF edition and access to all relevant documents via our trade law source document library and website.
security vulnerabilities (http://1.usa.gov/11TKtm1). The revisions, which were the most extensive the agency has made since releasing the guide in 2005, came in response to more-sophisticated and more-frequent cyberattack threats, NIST said. The revisions also included eight new groupings of privacy controls based on the Fair Information Practice Principles, NIST said. The agency called for “a more holistic approach” to information security and risk management in the revisions, including maintaining “cybersecurity hygiene” best practices and applying state-of-the-art engineering principles to minimize cyberattack effects. Federal agencies can tailor the guidelines to suit their specific needs based on NIST-provided overlays, lists of guidelines and controls that best apply to specific agencies’ missions, as well as to specific technologies. Ron Ross, NIST’s Federal Information Security Management Act implementation project leader, did not comment, but said in a news release that “this specialization approach to security control selection is important as the number of threat-driven controls and control enhancements increases and organizations develop specific risk management strategies” (http://1.usa.gov/101vBhd).