NIST 800-53 is a set of guidelines designed to make it easier for federal agencies and contractors to meet the requirements imposed by the Federal Information Security Management Act, or FISMA.
Rev. 5, which was released in mid-2020, brings with it a new emphasis on privacy, expanded security controls, and changes to control categories:
- Outcome-based (as opposed to impact-based) controls.
- New emphasis on privacy: integration of privacy controls with security controls, and better integration with cybersecurity/risk management.
- Separation of control selection from actual controls.
- New controls based on threat intelligence.
NIST SP 800-53 provides an exhaustive catalog of controls designed to make systems more resilient. These controls are fully operational and technical, and they are designed to create management safeguards that various information systems can then use. The standard seeks to promote integrity, confidentiality, availability, and security of information systems.
NIST SP 800-53 does this by defining 18 different sections of what it calls the NIST SP 800-53 security control family.
To learn more about the latest version of SP 800-53, view the draft on NIST’s website.