Although NIST’s 800-53 guidance previously referred to federal IT systems, any organization can (and probably should) use the institute’s guidance to ensure compliance and put proper security controls in place.
We developed a checklist with controls to secure user identities and their access to resources across an environment. Read on to learn about NIST SP 800-53 and use the checklist to prepare for compliance.
What is the NIST SP 800-53?
The National Institute of Standards and Technology (NIST) Special Publication 800-53 (SP 800-53) is a set of information security standards and controls for all U.S. Federal IT systems except for those related to United States national security. NIST 800-53 covers the Risk Management Framework steps, including selecting a controls baseline and adapting those controls following risk assessment results. Some of the Control Families included in NIST 800-53 are access control, incident response, continuity, and disaster recovery. NIST develops and issues standards and guidelines to assist federal agencies in implementing the Federal Information Security Modernization Act of 2014 (FISMA).
The NIST SP 800-53 is currently on its fifth revision and was last updated in September 2020 after a lengthy delay. The original draft of revision five was released in August of 2017. The wait was due to disagreement between the Office of Information and Regulatory Affairs (OIRA) and other U.S. agencies. The security controls are grouped into low-impact, moderate-impact, and high-impact baselines.
When revision three was implemented, it focused on a simplified, six-step risk management framework. It introduced security controls and enhancements for cyber threats. It also provided recommendations for prioritizing security controls during deployment.
Revision four was introduced in 2012, when the world was rapidly expanding its use of technology. Key additions addressed insider threats, social networking, mobile devices, and cloud computing strategies.
In revision five, the term “federal” was removed to emphasize that all organizations should consider these controls. It also clarified the relationship between security and privacy to improve the selection of controls necessary to address modern security and privacy risks.
NIST 800-53 Compliance Checklist
There are four key steps when preparing for (Read more...)
*** This is a Security Bloggers Network syndicated blog from Blog – JumpCloud authored by Cassa Niedringhaus. Read the original post at: https://jumpcloud.com/blog/nist-800-53-compliance-checklist

