NIST SP 800-53: WHAT’S THE DELTA FROM REV. 4 TO REV. 5?

BY KATHRYN DAILY, CISSP, CGRC (FORMERLY CAP), RDRP NIST SP 800-53 (National Institute of Standards and Technology Special Publication 800-53) provides a set of security and privacy controls for information systems and organizations. It was initially developed by NIST thanks to the E-Government Act of 2002, or more specifically, the Federal Information Security Management Act…

Risk. What to Do With It.

By Kathryn Daily, CISSP, CAP, RDRP Recently our regional grocery store chain notified their employees and customers that they had a data breach involving some HR data and pharmacy records. The breach was caused by a vulnerability in the Accellion file sharing system which the grocery chain immediately stopped using. As I was perusing the…

Cybersecurity Framework – Is it relevant to Federal/DoD organizations?

By Lon J. Berman, CISSP, RDRP Just when folks were beginning to get somewhat comfortable … or, at least, familiar … with the Risk Management Framework (RMF), along come our friends at the National Institute of Standards and Technology (NIST) throwing another framework our way! The Cybersecurity Framework (CSF) has actually been in development since…