NIST is the abbreviation of the National Institute of Standards and Technology, a non-regulatory agency of the United States Department of Commerce whose job is to improve measurements and standards.
NIST was founded in 1901, and its history lies in developing measurements, metrics, and standards. Previously known as the National Bureau of Standards, NIST's mission is to promote and maintain measurement standards.
Sounds so simple.
But what does NIST have to do with your business?
Let us try to understand this in subsequent sections.
What is the NIST Cybersecurity Framework?
What about a framework? A framework is a structure that supports building something useful.
So, riding high on the idea of cybersecurity to prevent, detect and respond to cyber incidents, NIST built a policy framework (set of best practice guidelines) for better management of cybersecurity-related risks.
“It is the policy of the United States to enhance the security and resilience of the Nation’s critical infrastructure and to maintain a cyber environment that encourages efficiency, innovation, and economic prosperity while promoting safety, security, business confidentiality, privacy, and civil liberties.” President Barack Obama, Executive Order 13636, Feb. 12, 2013.
In short, the NIST CSF paves the way for organizational and national security posture to tackle risk management by being proactive rather than reactive.
Elements of the NIST Cybersecurity Framework
There are 5 functions under the NIST Cybersecurity Framework.
What is NIST SP 800-53?
NIST SP 800-53 stands for NIST Special Publication 800-53, and it is part of NIST’s Cybersecurity Framework.
With the massive rise in the threat landscape and in cyber attacks on government systems, the security of important and sensitive information is extremely crucial. This is possible by securing your overall infrastructure.
Complying with the NIST SP 800 series standards helps organizations improve and maintain their information security. For risk management as well, NIST SP 800-53 fulfills the objective of protecting organizations.
Purpose of NIST SP 800-53
NIST SP 800-53 (short for National Institute of Standards and Technology Special Publication 800-53) defines guidelines for security controls and the associated assessment procedures, which US government agencies use to architect, implement, and manage information security systems and the corresponding data.
Complying with NIST SP 800-53 will help your organization improve compliance with other programs and regulations, including:
- PCI DSS
- FedRAMP DoD
Recommended by the Information Technology Laboratory (ITL),
NIST SP 800-53 security control family
There are 18 different control families under NIST SP 800-53:
- Access Control
- Audit and Accountability
- Awareness and Training
- Configuration Management
- Contingency Planning
- Identification and Authentication
- Incident Response
- Media Protection
- Personnel Security
- Physical and Environmental Protection
- Program Management
- Risk Assessment
- Security Assessment and Authorization
- System and Communications Protection
- System and Information Integrity
- System and Services Acquisition