The National Institute of Standards and Technology has finalized changes to its catalog of security and privacy controls to help improve the security of software updates and patches.
NIST said Wednesday the revised Special Publication 800-53, Security and Privacy Controls for Information Systems and Organizations, was issued in response to an executive order aimed at strengthening U.S. cybersecurity.
“The changes are intended to emphasize secure software development practices, and to help organizations understand their role in ensuring the security of the software on their systems,” said Victoria Pillitteri, a computer scientist at NIST who led the project. “Ultimately, we want to help them achieve their goals while minimizing the risk of a patch creating unintended consequences.”
NIST’s Revised Security & Privacy Control Catalog
The modifications to NIST’s SP 800-53 address developer testing; software and system resiliency by design; software integrity and validation; and deployment and management of updates.
The updated version of NIST’s catalog of security and privacy safeguards, SP 800-53 Rev. 5.2.0, features three new controls: logging syntax, root cause analysis and design for cyber resiliency.
The catalog’s Logging Syntax (SA-15), for instance, defines an electronic format for recording security-related events to improve incident response.
“The updated controls emphasize the importance of monitoring the particular component being updated as well as the component’s relationship to the overall system,” Pillitteri said.
NIST has implemented a new public engagement process and started offering updates to the control catalog through the Cybersecurity and Privacy Reference Tool.
Related Articles
One of the Department of the Air Force’s prototype platforms for the Collaborative Combat Aircraft, or CCA, program performed its inaugural flight at a test location in California as it transitions to the flight testing phase. The Air Force said Wednesday it developed the CCA platform, YFQ-42A, with General Atomics. Achieving Development Milestone in Air Force’s Collaborative Combat Aircraft Program “This milestone showcases what’s possible when innovative acquisition meets motivated industry,” said Secretary of the Air Force Troy Meink. “In record time, CCA went from concept to flight — proving we can deliver combat capability at speed when we clear
The Defense Counterintelligence and Security Agency is preparing to migrate the Defense Information System for Security to the cloud this weekend, a move that marks a significant milestone in its broader 2025–2030 Information Technology Strategic Plan. The transition is part of the “Cloud Smart” strategy under the National Background Investigation Services program and aligns with the Department of Defense’s emphasis on leveraging cloud computing to strengthen mission capabilities, streamline operations and enhance customer experience, DCSA said Wednesday. “These migrations and modernization efforts will offer improved access for federal agencies, enhanced security features and streamlined clearance verification processes,” said Lindley Earl,
The National Security Agency and other U.S. and international agencies have issued a joint cybersecurity advisory to address evolving threats from the Chinese government. Join the Potomac Officers Club’s 2025 Intel Summit on Oct. 2 to gain insights from intelligence community experts as they talk about the role of intelligence in safeguarding the nation. The advisory, titled “Countering Chinese State-Sponsored Actors Compromise of Networks Worldwide to Feed Global Espionage System,” aims to expose China-sponsored advanced persistent threat, or APT, actors that target telecommunications, government, transportation, lodging and military infrastructure networks worldwide, NSA said Wednesday. Report Reveals Potential Cyberthreats According to the