User:AbleArcher99/sandbox

This is a practice citation.

I also want to practice re-using a citation.

If you find this page looking for the California Privacy article, I went with the other article as my choice, NIST SP 800 53.

This is a citation list for my article on NIST SP 800-53:

https://csrc.nist.gov/publications/detail/sp/800-53/rev-5/final

https://csrc.nist.gov/CSRC/media/Publications/sp/800-53/rev-5/final/documents/sp800-53r4-to-r5-comparison-workbook.xlsx

https://csrc.nist.gov/CSRC/media/Publications/sp/800-53/rev-5/final/documents/sp800-53r4-appj-to-r5-comparison.xlsx

https://csrc.nist.gov/publications/detail/sp/800-53/rev-5/archive/2020-09-23

This is the working section change for the following article: NIST Special Publication 800-53. It includes previous language with the updates and changes embeded.

The updates go into the section on "Fifth Revision."

NIST SP 800-53 Revision 5 removes the word "federal" to indicate that these regulations may be applied to all organizations, not just federal organizations. This is a fundamental shift in the intent of the document to being a unified set of standards for everyone regardless of organization type. The first public draft was published on August 15, 2017. A final draft release was set for publication in December 2018, with the final publication date set for March 2019."[9] Per the NIST Computer Security Resource Center (CSRC),[10] major changes to the publication include:

Making the security and privacy controls more outcome-based by changing the structure of the controls;

Fully integrating the privacy controls into the security control catalog creating a consolidated and unified set of controls for systems and organizations;

Separating the control selection process from the actual controls, thus allowing the controls to be used by different communities of interest including systems engineers, software developers, enterprise architects; and mission/business owners;

Eliminating the term information system and replacing it with the term system so the controls can be applied to any type of system including, for example, general-purpose systems, cyber-physical systems, industrial/process control systems, and IoT devices;

De-emphasizing the federal focus of the publication to encourage greater use by nonfederal and non-American organizations;

Promoting integration with different risk management and cyber security approaches and lexicons, including the Cybersecurity Framework (add link to https://en.wikipedia.org/wiki/NIST_Cybersecurity_Framework);

Clarifying the relationship between security and privacy to improve the selection of controls necessary to address the full scope of security and privacy risks; and

Incorporating new, state of the practice controls based on threat intelligence and empirical attack data, including controls to strengthen cybersecurity and privacy governance and accountability.

As of September 2019, Revision 5 was delayed due to a potential disagreement among the Office of Information and Regulatory Affairs (OIRA) and other U.S. agencies.[11]

The initial version of Revision 5 was released on September 23, 2020[12] and is available on the NIST website at the following link: https://csrc.nist.gov/publications/detail/sp/800-53/rev-5/final

On December 10, 2020, NIST released an updated version of the Fifth Revision that included minor updates, and it supersedes the version released on September 23, 2020.

The list of changes is contained on page xvii in the Errata section within that version. Most updates were minor editorial changes, but there are some substantive updates as well. Each is marked as to editorial or substantive within that section of the document.

The Fifth Revision adds an entirely new control family that was previously identified as a key focus area in the Fourth Revision. That new control family is SR - Supply Chain Risk Management. There are 12 controls and 15 control enhancements to manage information system supply chains. This supply chains are structured to apply to physical supply chains but can apply to other supply chains such as a data supply.

Mitre Corporation provided a breakdown of all the changes to controls between Forth Revision and Fifth Revision that was prepared for the United States Government and shard with permission by NIST. (citation to comparison workbook)

The Fifth Revision better integrates privacy concerns in the control structure. Those privacy controls used to be captured within the Revision Four Appendix J. (citation to appj comparison)

Change the information about the "first public draft" to add other draft dates listed on the Archive link.