NIST Special Publication 800-53, Revision 4, represents the
most comprehensive update to the security controls catalog
since its inception in 2005. The publication was developed by NIST,
the Department of Defense, the Intelligence Community, and the
Committee on National Security Systems as part of the Joint Task Force,
an interagency partnership formed in 2009.
This update was motivated principally by the expanding threat space
—characterized by the increasing sophistication of cyber attacks and the operations tempo of adversaries (i.e., the frequency of such attacks, the professionalism of
the attackers, and the persistence of targeting by attackers). Stateof-the-practice
security controls and control enhancements have been developed and integrated
into the catalog addressing such areas as: mobile and cloud computing; applications security; trustworthiness, assurance, and resiliency of information systems; insider threat; supply chain security; and the advanced persistent threat.
most comprehensive update to the security controls catalog
since its inception in 2005. The publication was developed by NIST,
the Department of Defense, the Intelligence Community, and the
Committee on National Security Systems as part of the Joint Task Force,
an interagency partnership formed in 2009.
This update was motivated principally by the expanding threat space
—characterized by the increasing sophistication of cyber attacks and the operations tempo of adversaries (i.e., the frequency of such attacks, the professionalism of
the attackers, and the persistence of targeting by attackers). Stateof-the-practice
security controls and control enhancements have been developed and integrated
into the catalog addressing such areas as: mobile and cloud computing; applications security; trustworthiness, assurance, and resiliency of information systems; insider threat; supply chain security; and the advanced persistent threat.
