CyberSecurityInc.net

NIST Updates Security and Privacy Control Assessment Procedures 800-53A Revision 5

The National Institute of Standards and Technology (NIST) has issued the latest and final version of its guidance for organizations assessing their internal IT security systems, following a draft copy and comment period.

The document, titled “Assessing Security and Privacy Controls in Information Systems and Organizations,” has been updated to correspond with the privacy and security controls in SP 800-53 Revision 5. This publication provides a methodology and set of procedures for conducting assessments of security and privacy controls employed within systems and organizations within an effective risk management framework.

The National Institute of Standards and Technology (NIST) Information Technology Laboratory (ITL) promotes the U.S. economy and public welfare by providing technical leadership for the Nation’s measurement and standards infrastructure.

The SP 800-53A assessment processes are flexible, offering a framework and starting point for control assessments, and can be tailored to the needs of organizations and assessors. NIST officials comprehensively review best practices in assessment procedures to regulate the efficiency of the defense software in place.

Guidelines included in the final draft emphasize improving organizational assessments of current cybersecurity infrastructure, promoting better cybersecurity awareness among users, enabling cost-effective security assessment procedures and privacy controls, and creating reliable security information for executives.

To facilitate use, the assessment procedures are published in multiple data formats, including comma-separated values (CSV), plain text, and Open Security Controls Assessment Language (OSCAL). The full document on best practices in security assessments for organizations is available from NIST.
