NIST releases final version of guide for organizations to assess effectiveness of security controls

The National Institute of Standards and Technology has updated a key security control assessment guidance, designed to offer organizations “a starting point” that is flexible enough for widespread use “while providing consistency in conducting control assessments.”

The final version of NIST Special Publication 800-53A, revision 5, “Assessing Security and Privacy Controls in Information Systems and Organizations,” was posted today and “reflects NIST’s responses to public comments made to a previous draft,” according to the agency.

“This publication was developed...