NIST announces the release of the final public draft of Special Publication 800-53, Revision 3, Recommended Security Controls for Federal Information Systems and Organizations. The final public draft of Special Publication 800-53, Revision 3, is historic in nature. For the first time, and as part of the ongoing initiative to develop a unified information security framework for the federal government and its contractors, NIST has included security controls in its catalog for both national security and non national security systems. The updated security control catalog incorporates best practices in information security from the United States Department of Defense, Intelligence Community, and Civil agencies, to produce the most broad-based and comprehensive set of safeguards and countermeasures ever developed for information systems.

The standardized set of management, operational, and technical controls provide a common specification language for information security for federal information systems processing, storing, and transmitting both national security and non national security information. The revised security control catalog also includes state-of-the-practice safeguards and countermeasures needed by organizations to address advanced cyber threats capable of exploiting vulnerabilities in federal information systems. The important changes in Special Publication 800-53, Revision 3 are part of a larger strategic initiative to focus on enterprise-wide, near real-time risk management; that is, managing risks from information systems in dynamic environments of operation that can adversely affect organizational operations and assets, individuals, other organizations, and the Nation. The final publication of Special Publication 800-53, Revision 3 is targeted for July 31, 2009. Comments will be accepted until June 30, 2009 and should be sent to sec-cert@...

URL to Draft SP 800-53 Rev. 3:

http://csrc.nist.gov/publications/PubsDrafts.html#800-53_Rev3