NIST 800-53 REV 5 • PROGRAM MANAGEMENT
PM-15 — Security and Privacy Groups and Associations
Establish and institutionalize contact with selected groups and associations within the security and privacy communities: to facilitate ongoing security and privacy education and training for organizational personnel; to maintain currency with recommended security and privacy practices, techniques, and technologies; and to share current security and privacy information, including threats, vulnerabilities, and incidents.
Supplemental Guidance
Ongoing contact with security and privacy groups and associations is important in an environment of rapidly changing technologies and threats. Groups and associations include special interest groups, professional associations, forums, news groups, users’ groups, and peer groups of security and privacy professionals in similar organizations. Organizations select security and privacy groups and associations based on mission and business functions. Organizations share threat, vulnerability, and incident information as well as contextual insights, compliance techniques, and privacy problems consistent with applicable laws, executive orders, directives, policies, regulations, standards, and guidelines.
Practitioner Notes
Staying informed about cybersecurity threats and best practices means joining relevant professional groups and information-sharing organizations. You do not have to figure everything out alone.
Example 1: Join the Defense Industrial Base Cybersecurity (DIB CS) program and sign up for CISA alerts and advisories. These give you early warning about threats targeting your sector and practical guidance on how to respond.
Example 2: Subscribe to your sector's Information Sharing and Analysis Center (ISAC) — for defense contractors, that is the DIB ISAC. For healthcare organizations, join Health-ISAC. These organizations share threat intelligence, indicators of compromise, and best practices specific to your industry.