The National Institute of Standards and Technology (NIST) Information Technology Laboratory (ITL) has announced both an updated, and a new initial draft publication, over the past two weeks that is fairly significant to most of us in the security field.  The NIST ITL group is charged with �??promote U.S. innovation and industrial competitiveness by advancing measurement science, standards, and technology through research and development in information technology�?�.

NIST ITL has published an online database of controls for NIST 800-53 rev. 4 �??Recommended Security Controls for Federal Information Systems and Organizations�?�.  This will enable organizations to quickly search and download the catalog of security controls and procedures defined in this publication.  The link above contains additional information, as well as a link to the files available for download for both revisions 3 and 4 of NIST 800-53.

The second release is an initial publication of NIST 800-160 �??Systems Security Engineering: An Integrated Approach to Building Trustworthy Resilient Systems�?�.   This document is an excellent source of information for all security professionals, whether in the role of a Security Engineer as a full time position, or an Operations Analyst who is part of a �??one stop shop�?? for delivery and operations of security systems.  The document does a good job of explaining how Security integrates into the planning, design, and delivery of systems, and how our efforts integrate with the overall systems engineering program.  I hope to have some time for a more comprehensive summary in the coming weeks as this is one of the most useful publications I�??ve seen come out of NIST in a number of years.

tony d0t carothers --gmail