<Li> Revised security control structure with a new references section; </Li> <Li> Elimination of security requirements from supplemental guidance sections; </Li> <Li> Guidance on using the risk management framework for legacy information systems and for external information system services providers; </Li> <Li> Updates to security control baselines based on current threat information and cyber attacks; </Li>

The nist’s security and privacy controls special publication 800-53 revision 4