NIST has issued Special Publication (SP) 800-53 Release 5.2.0, Security and Privacy Controls for Information Systems and Organizations, which focuses on improving the security and reliability of software updates and patches in response to Executive Order 14306 on strengthening the Nation’s cybersecurity.
SP 800-53 Release 5.2.0 addresses multiple aspects of the software development and deployment process, including software and system resiliency by design, developer testing, the deployment and management of updates, and software integrity and validation. This update also revises the discussion sections of some existing controls to provide additional scoping and implementation examples. Additionally, SP 800-53A Release 5.2.0 provides corresponding updates to SP 800-53A, Assessing Security and Privacy Controls in Information Systems and Organizations. No changes were made to SP 800-53B, Control Baselines for Information Systems and Organizations, but a new release has been issued for consistency.
SP 800-53 Release 5.2.0 is available through CPRT and can be viewed in a browser or downloaded in OSCAL, JSON, and spreadsheet formats. Learn more about this revision; the security and privacy controls, control baselines, and assessment procedures; and other resources supporting the NIST Risk Management Framework.
Please direct questions to the NIST Risk Management Framework Team at [email protected].
Security and Privacy: privacy controls, security controls, security programs & operations
Laws and Regulations: E-Government Act, Executive Order 14306, Federal Information Security Modernization Act, Homeland Security Presidential Directive 12, Homeland Security Presidential Directive 7, OMB Circular A-11, OMB Circular A-130