DRAFT Special Publication 800-53 Revision 4, Security and Privacy Controls for Federal Information Systems and Organizations (Initial Public Draft)

Editor’s Note: The draft of SP 800-53 Rev. 4 is attached below. Comments are due: April 6, 2012

From: NIST

NIST announces the Initial Public Draft of Special Publication (SP) 800-53, Revision 4, Security and Privacy Controls for Federal Information Systems and Organizations. Special Publication 800-53, Revision 4, represents the culmination of a year-long initiative to update the content of the security controls catalog and the guidance for selecting and specifying security controls for federal information systems and organizations. The project was conducted as part of the Joint Task Force Transformation Initiative in cooperation and collaboration with the Department of Defense, the Intelligence Community, the Committee on National Security Systems, and the Department of Homeland Security. The proposed changes included in Revision 4 are directly linked to the current state of the threat space (i.e., capabilities, intentions, and targeting activities of adversaries) and the attack data collected and analyzed over a substantial time period. In particular, the major changes in Revision 4 include:

NIST Guidelines for Securing Wireless Local Area Networks (WLANs)

Attached below is a Bulletin from NIST’s Information Technology Laboratory discussing agency guidance for securing WLANs. The document notes that:

NIST SP 800-153, Guidelines for Securing Wireless Local Area Networks (WLANs), was written by Murugiah Souppaya of NIST and Karen Scarfone of Scarfone Cybersecurity. The publication supplements other NIST publications on the security of wireless local area networks; it summarizes and strengthens recommendations to help organizations improve the security configuration and monitoring of their IEEE 802.11 wireless local area networks and their devices connecting to the networks. The recommendations included in SP 800-153 are applicable to the protection of unclassified wireless networks and of unclassified facilities that are within range of unclassified wireless networks.

In Memoriam: Paul Bartock

From: SANS Institute

One of the rarest of men died yesterday, far too soon. Paul Bartock was a Renaissance man. He was a carpenter and a paramedic and he was one of the top cybersecurity engineers in the United States. When you hear people say, “NSA has the best cybersecurity talent,” they were talking in many, many cases about the groups that Paul led at the National Security Agency. He was at home with generals and equally so with maintenance folks and also with the product development gurus shaping the future of information and networking technology. I could go on, but there will be a chance to share Paul stories in Washington in three weeks at a memorial service where we can raise a glass to him and share our recollections.

Securing U.S. Cyberspace

From: Council on Foreign Relations

Author: Jonathan Masters, Associate Staff Writer

In January 2012, FBI Director Robert Mueller (ABC) testified that the cyber threat to the United States is expected to eclipse the threat of terrorism in the coming years. Though the country has avoided a cyber “Pearl Harbor” to date, a steady stream of significant cyber attacks, particularly by foreign sources conducting major acts of espionage, indicates the nation’s ongoing vulnerability, say some analysts. Safeguarding digital networks has been a priority of Washington for several years, but thus far the federal government has not mandated minimum levels of cybersecurity for private operators of critical information systems. Bipartisan legislation introduced in the U.S. Senate this month proposes new standards for protecting critical infrastructure and enhancing the sharing of threat information between government and private industry.

Updated FISMA Implementation Schedule

Attached below is NIST’s updated schedule for FISMA Implementation Project Publications.