While Congress has been slow to act on privacy issues, the National Institute of Standards and Technology (NIST) is getting out ahead of any Federal legislation when it comes to addressing the matter.
“We have a full court press on at NIST to fully integrate privacy into all of our FISMA [Federal Information Security Management Act] publications that we’ve been working on,” said NIST fellow Ron Ross during an event September 2 hosted by GovernmentCIO.
NIST Special Publication 800-53, Security and Privacy Controls for Information Systems and Organizations, has been revised; the previous version included privacy controls only as an appendix.
“We’ve taken all the controls in the appendix and we’ve fully integrated them into the catalog of controls,” Ross said. He said the final version will be released “very soon.” A draft was released earlier this year.
“It’s seamless now,” he said. “Privacy is critically important today, it stands shoulder-to-shoulder with cybersecurity.”
Also included in the updated version is a whole new family of supply chain controls, Ross said, mentioning the Department of Defense’s Cybersecurity Maturity Model Certification (CMMC). “If we can’t get the supply chain right, we’re going to be flying blind,” he said.