NIST SP 800-53

NIST SP 800-53 defines the catalog of security and privacy controls that federal agencies use to manage their information systems, in order to protect both the agencies and the private data they hold.

While NIST SP 800-53 applies to any federal information system (other than those designated as national security systems), many private-sector organizations have adopted controls from the framework. Its guidelines cover any component of an information system that stores, processes or transmits information.

CyGov uses NIST SP 800-53 as the backbone of its control inventory, creating the ability to share controls across multiple frameworks through advanced control mapping. NIST SP 800-53 groups its controls into 18 control families (in Revision 4; Revision 5, published in 2020, adds Supply Chain Risk Management (SR) and PII Processing and Transparency (PT), for a total of 20) and selects them into three baselines according to the system's FIPS 199 impact level:

  • Low-Impact Baseline

  • Moderate-Impact Baseline

  • High-Impact Baseline

The 18 control families are:

  • AC - Access Control

  • AU - Audit and Accountability

  • AT - Awareness and Training

  • CM - Configuration Management

  • CP - Contingency Planning

  • IA - Identification and Authentication

  • IR - Incident Response

  • MA - Maintenance

  • MP - Media Protection

  • PS - Personnel Security

  • PE - Physical and Environmental Protection

  • PL - Planning

  • PM - Program Management

  • RA - Risk Assessment

  • CA - Security Assessment and Authorization

  • SC - System and Communications Protection

  • SI - System and Information Integrity

  • SA - System and Services Acquisition

Compliance requires implementing the following basic principles of data security:

  • Discover and Classify Sensitive Data: Locate and secure all sensitive data

  • Map Data and Permissions: Identify users, groups, folder and file permissions

  • Manage Access Control: Manage user and group memberships

  • Monitor Data, File Activity, and User Behavior: Conduct audits, detect security vulnerabilities and remediate

Enterprises and organizations in the private sector are also encouraged to follow NIST SP 800-53. It is commonly regarded as a roadmap for any organization looking to develop, improve and maintain its information security practices, and it provides a robust guide for small and mid-sized businesses as well.

In addition, adherence to NIST SP 800-53 also supports compliance with the Federal Information Security Management Act (FISMA, updated in 2014 as the Federal Information Security Modernization Act). This federal law provides a framework to protect government information, operations and assets against natural and man-made threats, including cyber attacks. FISMA does not enumerate controls itself; it directs NIST to develop the standards and guidelines agencies must follow, and the resulting minimum requirements (FIPS 200) are met through the controls outlined in NIST SP 800-53.

CyGov delivers streamlined, automated data collection and analysis, prioritized remediation guidance and real-time customized scoring against the NIST 800-53 framework, both for companies that choose to use it as a risk framework (implementing through the NIST CSF) and for those who want to prepare for full compliance with NIST 800-53. CyGov has mapped NIST 800-53 back to its control inventory, allowing data to be shared across multiple frameworks through the platform, which saves time and money and yields more accurate data. Through the CyGov platform, organizations can gain full visibility into their cyber risk levels and compliance.

© 2020 by CyGov Tech