NIST 800-53

NIST 800-53 provides a comprehensive catalog of security controls, and its companion, NIST 800-53A, provides the procedures for assessing whether the controls that are in place are implemented correctly and working as intended. Although both are written for U.S. federal agencies, many organizations value the depth and prescriptive nature of the NIST publications, so they are widely used outside of government, often as a complement to other standards such as ISO/IEC 27002. NIST 800-53 addresses a wide range of controls spanning management, operational, and technical aspects. The catalog is grouped into 17 families of controls, as follows:

  • Access Control

  • Awareness and Training

  • Audit and Accountability

  • Configuration Management

  • Contingency Planning

  • Identification and Authentication

  • Incident Response

  • Maintenance

  • Media Protection

  • Physical and Environmental Protection

  • Planning

  • Personnel Security

  • Risk Assessment

  • Security Assessment and Authorization

  • System and Services Acquisition

  • System and Communication Protection

  • System and Information Integrity

The framework for each of the preceding families of controls is composed of the following elements:

  • Control—A concise statement of the specific security capability the control must provide; this statement is the requirement against which the implemented control is later assessed

  • Supplemental guidance—Additional guidance for consideration

  • Control enhancements—Information on augmenting the control with additional functionality or increased security

  • References—A listing of related federal laws, executive orders, directives, policies, standards, and guidelines related to the control

  • Priority and baseline allocation—The priority code (P0 through P3) used to sequence implementation decisions, together with the low-, moderate-, and high-impact baselines to which the control and each of its enhancements are allocated

NIST 800-53A discusses in detail the process for conducting assessments, including preparing for the assessment, developing the assessment plan, conducting the assessment, and the follow-on reporting, analysis, and related follow-up activities.
