What is the NIST SP Special Publication 800 series?
Publications in NIST’s Special Publication (SP) 800 series present information of interest to the computer security community. The series comprises guidelines, recommendations, technical specifications, and annual reports of NIST’s cybersecurity activities.
What federal organization is responsible for creating guidelines and standards via special publications?
NIST is responsible for developing information security standards and guidelines, including minimum requirements for federal information systems, but such standards and guidelines shall not apply to national security systems without the express approval of appropriate federal officials exercising policy authority over …
What is NIST 800-37 used for?
The purpose of SP 800-37 Rev 1 is to provide guidelines for applying the Risk Management Framework to federal information systems to include conducting the activities of security categorization, security control selection and implementation, security control assessment, information system authorization, and security …
Which publication includes the Risk Management Framework procedures and provides guidance on security control selections for federal information systems?
In response to the need for agencies to develop an organization-wide approach for managing risk, the National Institute of Standards and Technology (NIST) developed Special Publication 800-37 Rev. 1, Guide for Applying the Risk Management Framework to Federal Information Systems.
What is NIST 800-53 used for?
NIST SP 800-53 defines the standards and guidelines for federal agencies to architect and manage their information security systems. It was established to provide guidance for the protection of agencies’ and citizens’ private data.
What are the NIST controls?
NIST 800-53 Control Families
- AC – Access Control.
- AU – Audit and Accountability.
- AT – Awareness and Training.
- CM – Configuration Management.
- CP – Contingency Planning.
- IA – Identification and Authentication.
- IR – Incident Response.
- MA – Maintenance.
What is the purpose of NIST 800-53?
NIST SP 800-53 provides a list of controls that support the development of secure and resilient federal information systems. These controls are the operational, technical, and management standards and guidelines used by information systems to maintain confidentiality, integrity, and availability.
What NIST publication explains the Risk Management Framework?
Special Publication 800-37, “Guide for Applying the Risk Management Framework to Federal Information Systems,” describes the formal RMF certification and accreditation process.
What’s required to comply with NIST 800-171?
Achieving compliance with NIST 800-171 first requires an understanding of technical terms like “controlled information,” “information systems” and how they apply to information exchange and information exchange governance.
What does NIST SP 800-171 mean?
Based on NIST Special Publication 800-171, “Protecting Controlled Unclassified Information in Non-Federal Information Systems and Organizations,” manufacturers must implement these security controls through all levels of their supply chain.
What is NIST 800-171 compliance?
NIST 800-171 is the guideline for protecting Controlled Unclassified Information outside of a federal agency or system. NIST 800-171 compliance is mandatory for organizations that hold controlled unclassified information within an internal system or a system in which they maintain control or oversight.
What is NIST compliance program?
A Definition of NIST Compliance. The National Institute of Standards and Technology is a non-regulatory government agency that develops technology, metrics, and standards to drive innovation and economic competitiveness at U.S.-based organizations in the science and technology industry. As part of this effort,…