NIST SP 800-53 stands for the National Institute of Standards and Technology Special Publication 800-53, Security and Privacy Controls for Federal Information Systems and Organizations. That’s a mouthful, right? This standard is critical, though.
NIST 800-53 is a set of guidelines designed to make it easier for federal agencies and contractors to meet the requirements imposed by the Federal Information Security Management Act, or FISMA.
If you’ve ever wondered why NIST 800-53 matters, this post is here to help explain it. Read on.
NIST SP 800-53 seeks mainly to increase the security of information systems used by the federal government. According to DigitalGuardian.com:
“The guidelines themselves apply to any component of an information system that stores, processes, or transmits federal information. The most recent update to the guidelines was Revision 4 in April 2013 by the Joint Task Force Transformation Initiative Interagency Working Group, part of an ongoing information security partnership among the U.S. Department of Defense, the Intelligence Community, the Committee on National Security Systems, the Department of Homeland Security, and U.S. federal civil agencies.
The guidelines are revised in accordance with the evolving nature of information security and cover areas like mobile and cloud computing, insider threats, application security, and supply chain security.”
NIST is an agency (albeit a non-regulatory one) within the U.S. Commerce Department. It was established to encourage and assist innovation and science through a set of defined industry standards.
What NIST 800-53 Does
Before we can talk about what NIST SP 800-53 does, let’s define what exactly it is. Here’s how Techopedia.com puts it:
“NIST 800-53 is a publication that recommends security controls for federal information systems and organizations and documents security controls for all federal information systems, except those designed for national security.
NIST 800-53 is published by the National Institute of Standards and Technology, which creates and promotes the standards used by federal agencies to implement the Federal Information Security Management Act (FISMA) and manage other programs designed to protect information and promote information security. Agencies are expected to meet NIST guidelines and standards within one year of publication.”
NIST SP 800-53 provides an exhaustive catalog of controls designed to make federal information systems more resilient. The controls span management, operational, and technical safeguards that can be applied across a wide range of information systems. The standard seeks to promote the integrity, confidentiality, and security of federal information systems.
Another primary purpose of NIST SP 800-53 is risk management. By ensuring control compliance, NIST SP 800-53 helps federal contractors employ risk management programs that keep information safe and secure.
NIST SP 800-53 does this by organizing its controls into 18 security control families. These are as follows:
- Access Control
- Audit and Accountability
- Awareness and Training
- Configuration Management
- Contingency Planning
- Identification and Authentication
- Incident Response
- Maintenance
- Media Protection
- Personnel Security
- Physical and Environmental Protection
- Planning
- Program Management
- Risk Assessment
- Security Assessment and Authorization
- System and Communications Protection
- System and Information Integrity
- System and Services Acquisition