In December 2014, the National Institute of Standards and Technology (NIST) released an updated version of Assessing Security and Privacy Controls in Federal Information Systems and Organizations, Special Publication (SP) 800-53A, Revision 4 (Assessment Guidance), which contains guidelines for developing plans and procedures to assess the security controls employed in federal information systems and organizations. The Assessment Guidance varies substantially from the previous version, driven in part by a 2013 update to a related publication, Special Publication 800-53, Revision 4, Security and Privacy Controls for Federal Information Systems and Organizations (SP 800-53).

According to the NIST bulletin announcing its release, the Assessment Guidance reflects changes to security assessment procedures that will result in significant improvements in the efficiency and cost-effectiveness of control assessments.

For more information on SP 800-53, see Legal Update, NIST Requests Comments on Final Public Draft of Federal Cybersecurity Plan.