NIST documents tend to be picked up and used as the practical measures that many organisations implement, so it’s worth keeping up to date with the latest versions. Linking these controls to what my company does (shameless plug for Glock Enterprises), I can see controls for Training & Awareness, Threat Modeling, Threat Hunting, Compliance Testing, Asset Management… just about everything I’m involved in. Time to check that your security program is addressing these controls:
NIST has now finalized its guidance providing important information on selecting both security and privacy control baselines for the Federal Government. The guidance is available here: Special Publication 800-53B, Control Baselines for Information Systems and Organizations. As we previously discussed when the draft version was released, these control baselines are from NIST Special Publication 800-53, and have been moved to this separate publication as a consolidated catalog of privacy and security controls. While the implementation of a minimum set of controls is required for protecting federal information systems, NIST envisions that these control baselines can be implemented by any organization that processes, stores, or transmits information.