What is NIST SP 800–53? Tips for NIST SP 800–53 Compliance

Table of contents

  1. Why is NIST SP 800–53 important?
  2. What is the purpose of NIST SP 800–53?
  3. What are the benefits of NIST SP 800–53?
  4. What are the three classes of information systems in NIST SP 800–53?
  5. What are the NIST SP 800–53 controls?
  6. How does NIST SP 800–53 relate to FISMA?
  7. How does NIST SP 800–53 relate to FedRAMP?
  8. Who publishes NIST SP 800–53?
  9. When was NIST SP 800–53 last updated?
  10. What are the changes in NIST SP 800–53 Revision 5?
  11. How UpGuard can help you continuously assess your security controls

1. Why is NIST SP 800–53 important?

2. What is the purpose of NIST SP 800–53?

3. What are the benefits of NIST SP 800–53?

4. What are the three classes of information systems in NIST SP 800–53?

  1. Low-impact
  2. Moderate-impact
  3. High-impact

5. What are the NIST SP 800–53 controls?

  1. Access Control (AC)
  2. Awareness and Training (AT)
  3. Audit and Accountability (AU)
  4. Security Assessments and Authorization (CA)
  5. Configuration Management (CM)
  6. Contingency Planning (CP)
  7. Identification and Authentication (IA)
  8. Incident Response (IR)
  9. Maintenance (MA)
  10. Media Protection (MP)
  11. Physical and Environmental Protection (PE)
  12. Planning (PL)
  13. Personnel Security (PS)
  14. Risk Assessment (RA)
  15. Systems and Services Acquisition (SA)
  16. System and Communications Protection (SC)
  17. System and Information Integrity (SI)
  18. Program Management (PM)

6. How does NIST SP 800–53 relate to FISMA?

7. How does NIST SP 800–53 relate to FedRAMP?

8. Who publishes NIST SP 800–53?

9. When was NIST SP 800–53 last updated?

10. What are the changes in NIST SP 800–53 Revision 5?

  • Making security and privacy controls outcome-based by changing the structure of the controls
  • Separation of the control selection process from the actual controls, allowing controls to be used by different groups such as systems engineers, software developers, enterprise architects and business owners
  • Elimination of the term information system, replacing it with the term system so controls can be applied to any type of system, including general-purpose systems, cyber-physical systems, industrial/process control systems and IoT devices
  • Promotion of integration with different risk management methodologies and cybersecurity approaches including the NIST Cybersecurity Framework
  • Clarification of the relationship between security and privacy to improve the selection of controls needed to address the full scope of security and privacy risks
  • Incorporation of new, state-of-the-art controls based on threat intelligence and empirical data, including controls to strengthen cybersecurity, privacy governance and accountability

11. How UpGuard can help you continuously assess your security controls

UpGuard

https://www.upguard.com — UpGuard combines third-party security ratings, vendor questionnaires, and threat intelligence in a single cyber risk solution.