NIST SP 800-53 is a catalog of security controls developed to heighten the security of information systems within the federal government. These controls are used to maintain the integrity, confidentiality, and security of federal information systems that store, process, or transmit federal information.
The NIST guidelines take a multi-faceted approach to risk management through control compliance. SP 800-53 focuses on the controls themselves and is used alongside SP 800-37 (Risk Management Framework for Information Systems and Organizations) for a comprehensive approach to information security and risk mitigation.
The controls are grouped into three baselines based on impact level – low, moderate, and high – and are divided into 18 security control families.
NIST 800-53 Security Control Families
- AC: Access Control
- AT: Awareness and Training
- AU: Audit and Accountability
- CA: Security Assessment and Authorization
- CM: Configuration Management
- CP: Contingency Planning
- IA: Identification and Authentication
- IR: Incident Response
- MP: Media Protection
- PS: Personnel Security
- PE: Physical & Environmental Protection
- PM: Program Management
- RA: Risk Assessment
- SA: System & Services Acquisition
- SC: System & Communications Protection
- SI: System & Information Integrity
The ultimate objective of 800-53 is to make the information systems we depend on more penetration-resistant, to limit the damage from cyber-attacks when they occur, and to keep those systems resilient as security threats continue to evolve.
Each federal agency is responsible for implementing the minimum security requirements outlined by NIST. Agencies' compliance levels are scored periodically, and poor scores can result in penalties and reflect poorly on the agency's management team and staff.
The security requirements outlined in 800-53 are very mature and describe over 800 controls across the 18 control families, which define "what" needs to be accomplished. However, they lack prescriptive detail on "how" to achieve compliance and on how those requirements should be prioritized.
Let NNT show you how a single solution addresses a large portion of the security and compliance requirements across the various categories.
NNT solutions place emphasis on Configuration Management Policy and Procedures and on Information Integrity, where:
- Unauthorized changes to software, firmware, and information can occur due to errors or malicious activity (e.g., tampering). Software includes, for example, operating systems (with key internal components such as kernels and drivers), middleware, and applications.
- State-of-the-art integrity-checking mechanisms (e.g., parity checks, cyclic redundancy checks, cryptographic hashes) and associated tools can automatically monitor the integrity of information systems and hosted applications.
- The organization employs automated mechanisms to maintain an up-to-date, complete, accurate and readily available baseline configuration of the information system.
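The integrity-verification and baseline-comparison mechanisms described in the list above, as an added Python example (not NNT's own code): it records a SHA-256 hash and permission bits for every file under a directory as the approved baseline, then classifies drift against that baseline as added, removed, modified or permission-changed files. The directory contents in `demo()` are constructed inline so the example runs offline.

```python
import hashlib
import stat
import tempfile
from pathlib import Path

def hash_file(path, chunk=65536):
    """SHA-256 of a file's contents, read in chunks so large files are not loaded whole."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def build_baseline(root):
    """Map every regular file under root (relative POSIX path) to (sha256, permission bits)."""
    root = Path(root)
    return {p.relative_to(root).as_posix(): (hash_file(p), stat.S_IMODE(p.stat().st_mode))
            for p in root.rglob("*") if p.is_file()}


def compare_baselines(approved, current):
    """Classify drift from the approved baseline; the result is the audit-trail evidence."""
    both = set(approved) & set(current)
    return {
        "added": sorted(set(current) - set(approved)),
        "removed": sorted(set(approved) - set(current)),
        "modified": sorted(p for p in both if approved[p][0] != current[p][0]),
        # unchanged content but different permission bits is still a reportable change
        "permission_changed": sorted(p for p in both if approved[p][0] == current[p][0]
                                     and approved[p][1] != current[p][1]),
    }


def demo():
    """Constructed scenario: approve a baseline, then introduce four kinds of drift."""
    with tempfile.TemporaryDirectory() as tmp:
        etc = Path(tmp, "etc")
        etc.mkdir()
        for name, text in (("sshd_config", "PermitRootLogin no\n"),
                           ("hosts", "127.0.0.1 localhost\n"), ("motd", "Authorized use only\n")):
            (etc / name).write_text(text)
            (etc / name).chmod(0o644)
        approved = build_baseline(tmp)                     # the documented, approved state
        (etc / "sshd_config").write_text("PermitRootLogin yes\n")  # content change
        (etc / "hosts").chmod(0o666)                       # permission change only
        (etc / "rc.local").write_text("#!/bin/sh\n")       # unauthorized new file
        (etc / "motd").unlink()                            # deleted file
        return compare_baselines(approved, build_baseline(tmp))
```

A continuous-monitoring tool re-runs the comparison on a schedule or on file-system events and raises an alert whenever any of the four lists is non-empty.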
NNT Change Tracker uses a continuous-monitoring approach to provide integrity verification in real time, producing audit-trail evidence and alerts in line with 800-53.
Speak to a consultant to help you in your NIST 800-53 compliance program today!
Learn about each requirement and how NNT can help you achieve NIST 800-53 compliance