NIST Cybersecurity Assessment Guidance Final Edition Released
The National Institute of Standards and Technology (NIST) has released the finalized edition of its latest guidance for companies to assess their internal IT security systems.
The publication entitled “Assessing Security and Privacy Controls in Information Systems and Organizations” provides a set of procedures for conducting assessments of security and privacy controls employed within systems and organizations. The document specifically focuses on helping organizations manage cybersecurity risks across their individual networks.
The assessment procedures, which are executed at various phases of the system development life cycle, are consistent with the security and privacy controls in NIST SP 800-53, Revision 5. The procedures are customizable and can be tailored to provide organizations with the flexibility to conduct security and privacy control assessments that support organizational risk management processes. The procedures also are aligned with the stated risk tolerance of the organization.
The guidance also provides information on building effective security and privacy assessment plans, along with guidance on analyzing assessment results.
Guidelines in this final draft emphasize improving organizational assessments of current cybersecurity infrastructure, promoting better cybersecurity awareness among users, enabling cost-effective security assessment procedures and privacy controls, and creating reliable security info for executives.
If you need help with NIST or understanding any of your other compliance obligations, give 2W Tech a call. Our Cybersecurity Compliance Program was designed to support businesses with their compliance obligations. Let us help you with yours.