Computer Security Resource Center

Computer Security Resource Center

Computer Security
Resource Center

DRAFT Special Publication 800-53 Revision 4, Appendix H is available for public comment
August 28, 2014

NIST announces the release of Draft Special Publication 800-53, Revision 4, Appendix HInternational Information Security Standards, Security Control Mappings for ISO/IEC 27001: 2013. (NOTE: This draft Appendix H for SP 800-53 Revision 4 has been approved as final and has been incoporated into the updated SP 800-53 Revision 4 document in January 2015). This update to Appendix H was initiated due to the 2013 revision to ISO/IEC 27001, which occurred after the final publication of SP 800-53, Revision 4. In addition to considering the new content in ISO/IEC 27001 for the mapping tables, new mapping criteria were employed in conducting the mapping analysis. The new criteria are intended to produce more accurate results—that is, to successfully meet the mapping criteria, the implementation of the mapped controls should result in an equivalent information security posture. While mapping exercises may by their very nature, include a degree of subjectivity, the new criteria attempts to minimize that subjectivity to the greatest extent possible. 

Comment period CLOSED on: September 26, 2014. Questions? Send email to: sec-cert@nist.gov

Created December 21, 2016, Updated August 29, 2017