The National Institute of Standards and Technology is seeking comments from the public on its biennial update of the catalog of security controls for the federal government, which provides a series of management, operational and protective measures that can be used by federal agencies to help protect their information systems.
The publication in question is Recommended Security Controls for Federal Information Systems and Organizations, which federal agencies and their contractors have used the past five years to enhance the security of information systems.
For the first time since the document’s original publication in 2005 and its major updates in 2006 and 2009, NIST is seeking public input before developing its revamped cybersecurity guidance.
“To keep pace with the growing threat brought about by an increasing number of cyber attacks against federal information systems, NIST is committed to producing a comprehensive catalog of cutting-edge safeguards and countermeasures that are necessary to help protect the core missions and business functions of the federal government,” said Joint Task Force leader and NIST fellow Ron Ross.
The 2011 catalog will feature updated security controls, control enhancements and supplemental guidance as well as new tailoring and supplementation guidance. The public is requested to provide comments for areas such as:
- insider threats
- software application security
- social networking, mobiles devices and cloud computing
- cross domain solutions
- advanced persistent threats
- supply chain security
- industrial/process control systems
Suggestions should be sent to firstname.lastname@example.org by April 29, 2011.