What is NIST 800-53?
The National Institute of Standards and Technology (NIST) Special Publication (SP) 800-53 provides guidance for the selection of security and privacy controls for federal information systems and organizations. Revision 4 is the most comprehensive update since the initial publication. This update
was motivated principally by the expanding threat space and increasing sophistication of cyber attacks. Major changes include new security controls and control enhancements to address advanced persistent threats (APTs), insider threats, and system assurance; as well as technology trends such as
mobile and cloud computing.
Designed to Protect Federal Information Systems
Federal Information Processing Standards (FIPS) are developed by NIST in accordance with FISMA. Since FISMA requires that federal agencies comply with these standards, they must do so. Guidance documents and recommendations are issued in the NIST Special Publication (SP) 800 series. Office of Management and Budget (OMB) policies state that for other than national security programs and systems, agencies must follow NIST guidance.
NIST 800-53 rev4 has become the gold standard in information security frameworks
NIST 800-53 rev4 has become the defacto gold standard in security. It is by far the most rebost and perscriptive set of security standards to follow, and as a result, systems that are certifed as compliant against NIST 800-53 are also considered the most secure.
NIST 800-53 vs NIST 800-53A – The A is for Audit (or Assessment)
NIST 800-53A rev4 provides the assessment and audit procedures necessary to test information systems against the security controls outlined in NIST 800-53, revision 4.
The procedures are customizable and can be easily tailored to provide organizations with the needed flexibility to conduct security control assessments and privacy control assessments that support organizational risk management processes and that are aligned with the stated risk tolerance of the organization.
Risk Assessment & Gap Assessment NIST 800-53A
If you are reading this, your organization is most likely considering complying with NIST 800-53 rev4. As part of the certification program, your organization will need a risk assessment conducted by a verified 3rd party vendor. Risk assessments and IT audits for NIST 800-53 rev4 are exactly what we do at NightLion Security. We can also help you prepare for your audit by by performing a controls gap assessment – think of it like a pre-audit. A gap assessment will show you exactly where you are deficient so you can improve those areas and be ready for your audit.
Penetration Testing for NIST 800-53A
NightLion Security provides red team and penetration testing exercises to simulate adversaries in an attempt to compromise your organization’s intellectual property, employee data and/or sensitive business information, to fully test the security capability of the information system and organization. Exercises include information system monitoring, malicious user testing, penetration testing, red-team exercises, and other forms of security testing (e.g., independent verification and validation).
Download NIST 800-53A Audit and Assessment Checklist in XLS / CSV format
Check us out at www.securitycheckbox.com