The National Institute of Standards and Technology (NIST) – a non-regulatory part of the US Department of Commerce – constructed a set of standards for all federal agencies to follow. NIST Special Publication 800-53 is the standard which covers security and privacy controls.
The controls set in place by NIST 800-53 are applicable to all federal data, excluding data that concerns national security and is considered sensitive information. All federal agencies have a legal duty to follow the guidelines set out by NIST 800-53, but the controls can be applied to any environment to ensure a proper level of data protection.
While the controls can be divided into different categories, the overarching goal of the standard is to ensure information systems are NIST 800-53 compliant, secure, and not vulnerable to cyber attacks.
The controls are separated into three main groups: low, medium, and high impact, and are further broken down into families:
Complying with the NIST 800-53 guidelines is beneficial, especially for those who must maintain FISMA compliance, and is legally required for all federal agencies. External contractors and organizations that have access to federal data may not be legally required to maintain NIST 800-53 compliance, but they are highly encouraged to do so. The NIST 800-53 controls are recommendations that can help agencies and teams ensure the security of their information systems.
These guidelines serve only to protect and safeguard data against attacks, which all parties should be actively working to prevent. However, everyone should ensure that the NIST 800-53 controls are not the only security mechanisms in place. Additional controls are required in almost all cases, as each organization or agency has its own unique vulnerabilities and security requirements.
© 2021 Cyber Defense Group. All Rights Reserved.