We are happy to offer a copy of the NIST 800-53 rev4 security controls in Excel (XLS / CSV) format.
NIST 800-53 rev 4 Overview
The National Institute of Standards and Technology (NIST) Special Publication (SP) 800-53 provides guidance for the selection of security and privacy controls for federal information systems and organizations. Revision 4 is the most comprehensive update since the initial publication. This update was motivated principally by the expanding threat space and increasing sophistication of cyber attacks. Major changes include new security controls and control enhancements to address advanced persistent threats (APTs), insider threats, and system assurance; as well as technology trends such as mobile and cloud computing.
NIST 800-53 rev4 and FISMA
The Federal Information Security Management Act (FISMA) is United States legislation that defines a comprehensive framework to protect government information, operations and assets against natural or man-made threats. FISMA assigns responsibilities to various agencies to ensure the security of data in the federal government. The act requires program officials, and the head of each agency, to conduct annual reviews of information security programs, with the intent of keeping risks at or below specified acceptable levels in a cost-effective, timely and efficient manner. NIST 800-53 contains the security standards by which FISMA is tested and measured.
800-53 Rev4 is The Gold Standard In Information Security and Privacy
NIST 800-53 rev4 has become the gold standard in security. It is by far the most robust and prescriptive set of security standards to follow, and as a result, systems that are certified as compliant against NIST 800-53 rev4 are also considered the most secure.
Risk Assessment & Gap Assessment for FISMA & NIST 800-53
If you are reading this, your organization is most likely considering complying with NIST 800-53 rev4. As part of the certification program, your organization will need a risk assessment conducted by a verified third-party vendor. Risk assessments and IT audits for NIST 800-53 rev4 are exactly what we do at NightLion Security. We can also help you prepare for your audit by performing a controls gap assessment – think of it like a pre-audit. A gap assessment will show you exactly where you are deficient so you can improve those areas and be ready for your audit.
Red Team / Penetration Testing for FISMA & NIST 800-53 rev4
NightLion Security provides red team and penetration testing exercises to simulate adversaries in an attempt to compromise your organization’s intellectual property, employee data and/or sensitive business information, to fully test the security capability of the information system and organization. Exercises include information system monitoring, malicious user testing, penetration testing, red-team exercises, and other forms of security testing (e.g., independent verification and validation).