THE PURPOSE OF NIST SP 800-53
The SP 800-53 guidelines were created to increase the security of the information systems used by the federal government. They apply to the components of information systems that store, process, or transmit federal information. The guidelines are revised frequently to keep pace with the ever-changing nature of information security, and they cover a variety of areas including, but not limited to, mobile and cloud computing, insider threats, and application security.
HOW NIST SP 800-53 WORKS
NIST SP 800-53 provides a catalog of security controls that supports the ongoing effort to secure federal information systems. Agencies implement their risk management programs by selecting, implementing, and assessing these controls, and compliance is measured against them. NIST SP 800-53 focuses on the controls themselves, which are meant to be used in concert with the Risk Management Framework described in other NIST publications.
The controls are sectioned into 18 different families:
- Access Control
- Audit and Accountability
- Awareness and Training
- Configuration Management
- Contingency Planning
- Identification and Authentication
- Incident Response
- Media Protection
- Personnel Security
- Physical and Environmental Protection
- Program Management
- Risk Assessment
- Security Assessment and Authorization
- System and Communications Protection
- System and Information Integrity
- System and Services Acquisition
NIST SP 800-53 uses security control baselines as a starting point, allowing organizations to tailor the control set so that only the controls required to protect their information systems within their own business environment are applied. These baselines address operational needs in addition to protecting against the most common types of threats to information systems.