Almost four years after the release of the NIST SP 800-53 Revision 3, Revision 4 was made public on April 30, 2013. The most important change and primary benefit of this revision were that it expanded its scope beyond private companies who had to comply with the FISMA. Revision 4 was applicable to the Department of Defense (DoD), the Intelligence Community, and to any civilian agency.
Revision 4 further considered the advancements in technology and newly emerging security threats since 2009 and proposed security controls for mobile computing, cloud computing, supply chain vulnerabilities and risks, and insider threats. Additionally, revision 4 referenced the “Fair Information Practice Principles” and categorized an additional 200 security controls from revision 3, taking up the total to 800 (Wang, 2013).
Wang, S. (2013, May 6). NIST 800-53 Revision 4: What’s New. Retrieved from http://www.mythics.com/about/blog/nist-800-53-revision-4-whats-new