NIST Releases Updated Cyber and Privacy Guidance Draft

The government’s cybersecurity standards agency published a draft version of a major revision to its guidance on security and privacy controls for government and industry Tuesday.

Among other changes, the new document better integrates privacy and cyber controls, and better syncs those controls with recommendations in the National Institute of Standards and Technology’s cybersecurity framework, according to an introduction from NIST Fellow Ron Ross.

Federal agencies are now required to use the NIST framework as part of their information security plans, following a May executive order from President Donald Trump.

» Get the best federal technology news and ideas delivered right to your inbox. Sign up here.

Controls are essentially the policies, protocols and safeguards employees follow to keep from damaging the security and privacy of information.

This is the fifth update of NIST’s Security and Privacy Controls for Federal Information Systems and Organizations. The document will be open for public comments until September 12.

NIST plans to issue one more draft version of the updated document in October and to release a final draft before the end of the year.

The updated document aims to better clarify the relationship between security and privacy to help government agencies and other organizations better understand the scope of privacy concerns.

The draft also incorporates “new, state-of-the-practice controls based on threat intelligence and empirical attack data.”