Security Experts On Historic NIST SP 800-53

By   ISBuzz Team
Writer , Information Security Buzz | Sep 25, 2020 06:01 am PST

The final version of NIST SP 800-53 Revision 5 was released yesterday, in what NIST calls an “historic” update to its flagship security and privacy guidance, Special Publication (SP) 800-53, Security and Privacy Controls for Information Systems and Organizations.

Notify of
1 Expert Comment
Oldest Most Voted
Inline Feedbacks
View all comments
Jayant Shukla
Jayant Shukla , CTO and Co-Founder
September 25, 2020 2:12 pm

In addition to privacy controls, the new NIST SP 800-53 includes two major updates that boost the importance of application security. The new framework includes requirements for both Runtime Application Self-Protection (RASP) and Interactive Application Security Testing (IAST). These important additions reflect an increased need for better application security in the light of growing data breaches and cyber attacks.

Unlike perimeter security solutions such as WAFs, a RASP solution sits on the same server as the application,and provides continuous security for the application during runtime to protect vulnerabilities in the application from being exploited by attacks. By residing on the server, a RASP solution has complete visibility into the application, can analyze the application’s execution for better validation, and can understand the context of the application’s interactions. RASP solutions benefit by being close to the application in a way that network perimeter security solutions can not.

With the update to require IAST, application security gets a new focus in development as part of the mainstream NIST framework and should help developers catch security flaws before an application is launched.

While NIST frameworks are requirements for Federal governmental agencies and the organizations that work with them, these new requirements around RASP and IAST should encourage all organizations to take a fresh look at their application security and the tools they use in their own infrastructure.

Last edited 3 years ago by Jayant Shukla

Recent Posts

Would love your thoughts, please comment.x