Skip Navigation
 
   

NAID Reviewing Proposed NIST Guidance for Possible Comment

Bookmark and Share

August 30, 2017
 
NAID is currently reviewing proposed updates to Security and Privacy Controls for Information Systems and Organizations (Special Publication 800-53, Revision 5) to determine the extent to which the advice provided adequately address proper and secure information disposition. NAID CEO Bob Johnson says the association will likely comment if only to support some of the changes.
 
“We fully support that the guidance calls for the sanitization of electronic storage devices even where data is thought to be encrypted,” says Johnson, “and we certainly want to encourage such advice.”
 
On the other hand, Johnson says the guidance may prove to be a little weak on aspects of security controls surrounding the engagement of third party vendors, such as secure data destruction services.
 
“Guidance often overlooks the fact that a significant portion of IT security, including disposition, are outsourced,” say Johnson. “We want to make sure any guidance addresses the role of due diligence in contracting such vendors.”
 
Comments are due on September 12, 2017. NIST has said they expect the final guidance document to be published in December of this year.