The National Institute of Standards and Technology has updated its recommended procedures to assess the implementation of security and privacy controls.
NIST said Wednesday it added new assessment procedures and a new automation-friendly structure in revision five of Special Publication 800-53A, also titled “Assessing Security and Privacy Controls in Information Systems and Organizations.”
The new procedures are made to align with updated controls for privacy and supply chain risk management.
SP 800-53A offers a risk management framework designed to make assessment procedures flexible and customizable based on an organization’s specific needs.
The updated procedures are also intended to support continuous monitoring programs and make assessments more efficient.