800-53 rev3 FPD

The new revision of NIST SP 800-53 (rev3) is now in FINAL Public Draft (FPD) and should be published in final form soon. When NIST moves a draft document from IPD status to FPD status, the changes are often few as the document is nearly ready for final publishing. In this case, however, the changes from the IPD version to the FPD version are massive.

A previous post (800-53 rev3 IPD) noted changes from rev2 to rev3 IPD that included a lot of restructuring of controls and control enhancements, some new controls and an entire new family of Program Management (PM) controls.

Rev3 FPD includes all of those changes and many more new ones. There may be over one hundred new control enhancements in this version and there are now well over two hundred organizationally defined parameters (ODPs) that can be used to refine/tweak controls.

In rev2, each control had a “baseline allocation bar” at the bottom that showed which of the three impact baselines included each control and enhancements. In rev3, that bar is gone and has been replaced by an appendix table that lists all controls and enhancements as well as any associated baseline by impact level. This table now also includes a new list of “prioritization” or “sequencing” codes that are intended to aid with implementation sequence planning. Some of the baseline assignments have been changed.

SEE ALSO: NIST Special Publications (800 series) – [nist.gov]

One Response to “ 800-53 rev3 FPD ”

  1. […] 800-53 rev3 FPD Final Public Draft […]