Governance Briefing — NIST releases SP 800-53B draft baselines

NIST published the initial public draft of SP 800-53B on March 16, 2020, proposing updated security and privacy control baselines aligned to SP 800-53 Revision 5. Agencies and contractors needed to review the new low/medium/high baselines and begin mapping system SSPs to the draft controls.

Zeph Tech Research Lead

Research lead, Zeph Tech

1 publication timestamps supporting this briefing. Source data (JSON)

Executive briefing: NIST issued the initial public draft of SP 800-53B on 16 March 2020, introducing revised low, moderate, and high baselines to pair with SP 800-53 Revision 5. The draft also highlighted a privacy control baseline and overlays for specific environments.

Why it matters

Baseline alignment: draft control selections will influence FedRAMP, FISMA, and contractor SSP updates once finalized.
Privacy integration: inclusion of privacy controls in the baselines increases documentation and assessment expectations.
Early feedback window: agencies and vendors could shape the final baselines through public comments.

Operator actions

Gap analysis: Compare existing moderate/high baselines to the draft control lists, noting additions or restructuring.
SSP mapping: Begin mapping system security plans and control inheritance to the proposed baseline changes.
Comment participation: Submit organizational feedback to NIST before the draft comment period closes.
Plan updates: Identify tooling or documentation changes needed once Revision 5-aligned baselines are finalized.

Timeline plotting source publication cadence sized by credibility. — 1 publication timestamps supporting this briefing. Source data (JSON)

Horizontal bar chart of credibility scores per cited source. — Credibility scores for every source cited in this briefing. Source data (JSON)

Visit pillar hub

Latest guides

Public-Sector Governance Alignment Playbook — Zeph Tech
Align OMB Circular A-123, GAO Green Book, OMB M-24-10 AI guidance, EU public sector directives, and UK Orange Book with digital accountability, risk management, and service…
Third-Party Governance Control Blueprint — Zeph Tech
Deliver OCC, Federal Reserve, PRA, EBA, DORA, MAS, and OSFI third-party governance requirements through board reporting, lifecycle controls, and resilience evidence.
Governance, Risk, and Oversight Playbook — Zeph Tech
Operationalise board-level governance, risk oversight, and resilience reporting aligned with Basel Committee principles, ECB supervisory expectations, U.S. SR 21-3, and OCC…

Why it matters

Operator actions

Related briefings

Governance Briefing — NIST releases public draft of SP 800-53 Revision 5 security and privacy controls

Governance Briefing — NIST publishes draft NISTIR 8286 on integrating cybersecurity with ERM

Governance Briefing — NIST Privacy Framework 1.0 release

Governance Briefing — NIST publishes SP 800-207 Zero Trust Architecture guidance

Governance Briefing — White House issues "15 Days to Slow the Spread" COVID-19 guidance

Continue in the Governance pillar

Latest guides