Policy Insights: NIST SP 800-53 Revision 5 Released – Next Generation Security and Privacy Controls – Security Boulevard

Draft 5 of SP 800-53 closed its comment period back in May and was released in its final form as SP 800-53 Revision 5 on September 23, 2020. The post NIST SP 800-53 Revision 5 Released – Next Generation Security and Privacy Controls appeared first on K2io.

Policy Insights:

According to Jayant Shukla, CTO and Co-Founder of K2 Cyber Security:

“In addition to privacy controls, the new NIST SP 800-53 includes two major updates that boost the importance of application security. The new framework includes requirements for both Runtime Application Self-Protection (RASP) and Interactive Application Security Testing (IAST). These important additions reflect an increased need for better application security in the light of growing data breaches and cyber attacks.

Unlike perimeter security solutions such as WAFs, a RASP solution sits on the same server as the application, and provides continuous security for the application during runtime to protect vulnerabilities in the application from being exploited by attacks. By residing on the server, a RASP solution has complete visibility into the application, can analyze the application’s execution for better validation, and can understand the context of the application’s interactions. RASP solutions benefit by being close to the application in a way that network perimeter security solutions cannot.

With the update to require IAST, application security gets a new focus in development as part of the mainstream NIST framework and should help developers catch security flaws before an application is launched.

While NIST frameworks are requirements for Federal governmental agencies and the organizations that work with them, these new requirements around RASP and IAST should encourage all organizations to take a fresh look at their application security and the tools they use in their own infrastructure.”