NIST Updates Security Awareness Guidelines to Include Simulated Phishing and Social Engineering Testing

NIST recently updated Special Publication 800-53, Security and Privacy Controls for Information Systems and Organizations, adding some critical new language to the controls covering security awareness training. Here's the skinny.

The relevant language is within Section 3.2, the Awareness and Training (AT) control family, under the Practical Exercises enhancement to the awareness training control (see page 60).

NIST Control Requirements

Notice that the updated NIST standard now calls for practical exercises that include simulated social engineering testing, carried out without advance notice to staff. Specifically, the discussion text states, "[p]ractical exercises include no-notice social engineering attempts to collect information, gain unauthorized access, or simulate the adverse impact of opening malicious email attachments or invoking, via spear phishing attacks, malicious web links." In practice that means a simulated phishing campaign that measures who clicks a link or opens an attachment, not just a slide deck that tells people not to.
