NIST Finalizes Guidance on Security and Privacy Control Baselines – SP 800-53B

Sheppard Mullin Richter & Hampton LLP

NIST has now finalized its guidance providing important information on selecting both security and privacy control baselines for the Federal Government. The guidance is available here: Special Publication 800-53B, Control Baselines for Information Systems and Organizations. As we previously discussed when the draft version was released, these control baselines are from NIST Special Publication 800-53, and have been moved to this separate publication as a consolidated catalog of privacy and security controls. While the implementation of a minimum set of controls is required for protecting federal information systems, NIST envisions that these control baselines can be implemented by any organization that processes, stores, or transmits information.

The overall purpose and intent of the guidance has not changed since we last reviewed the draft guidance, which you can review here. However, edits were made in the finalization process and this final version should be thoughtfully reviewed when implementing the control baselines.

Putting it Into Practice: Now that this guidance is final, federal contractors should review carefully as these new security and privacy baselines will be applied to any federal information system used or operated by a contractor on behalf of an agency, or another organization on behalf of an agency. Companies in the private sector should pay attention as well, as NIST guidance is often used as a basis for industry standards in security and privacy.

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© Sheppard Mullin Richter & Hampton LLP | Attorney Advertising

Written by:

Sheppard Mullin Richter & Hampton LLP
Contact
more
less

Sheppard Mullin Richter & Hampton LLP on:

Reporters on Deadline

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
Custom Email Digest
- hide
- hide

This website uses cookies to improve user experience, track anonymous site usage, store authorization tokens and permit sharing on social media networks. By continuing to browse this website you accept the use of cookies. Click here to read more about how we use cookies.