With the increase in probing and attacks against government systems, a minimum security baseline is required to ensure adequate protections exist.
What is it?
NIST 800-53 compliance is a major component of FISMA compliance. It also helps to improve the security of your organization’s information systems by providing a fundamental baseline for developing a secure organizational infrastructure. NIST compliance guidance provides the security instructions to help government organizations (and, more recently, commercial organizations that store, process, display or transmit sensitive data) prepare for authorization under the government's certification and accreditation program under FISMA.
NIST SP 800-53 recommends a set of security controls that represents IT security guidance endorsed by:
- U.S. Department of Defense
- Intelligence community
- Civil agencies
These controls are tiered based upon the severity of impact, from low, to medium, to high. Every control is part of one of the following 18 families:
- Access Control
- Audit and Accountability
- Awareness and Training
- Configuration Management
- Contingency Planning
- Identification and Authentication
- Incident Response
- Maintenance
- Media Protection
- Personnel Security
- Physical and Environmental Protection
- Planning
- Program Management
- Risk Assessment
- Security Assessment and Authorization
- System and Communications Protection
- System and Information Integrity
- System and Services Acquisition
SP 800-53 has been called, “the most broad-based and comprehensive set of safeguards and countermeasures ever developed for information systems.”
NIST 800-53 is a publication that recommends and documents security controls for all federal information systems and organizations, except those designed for national security. In fact, several of the NIST 800-53 security controls are aligned with the ISO/IEC 27001 controls.
Companies are now finding the government is writing NIST security responsibilities into contracts for outsourced services and products.