The National Institute of Standards and Technology (NIST), a non-regulatory government agency, develops standards and guidelines that support the competitiveness of US industry and federal organizations. It also publishes the standards that give federal agencies a framework for meeting the requirements of the Federal Information Security Management Act (FISMA). The NIST Cybersecurity Framework is a voluntary framework consisting of standards, guidelines, and best practices for managing cybersecurity-related risk. NIST also produces the Federal Information Processing Standards (FIPS) and provides guidance and recommendations through its Special Publications (SP) 800 series.
“It is the policy of the United States to enhance the security and resilience of the Nation’s critical infrastructure and to maintain a cyber environment that encourages efficiency, innovation, and economic prosperity while promoting safety, security, business confidentiality, privacy, and civil liberties.” ~NIST
Because the principles of information security are consistent regardless of the standard in question, be it ISO 27001, HIPAA, FISMA, SOX, or PCI DSS, the NIST guidelines incorporate widely accepted best practices and enable agencies to meet specific regulatory requirements.
For example, NIST has outlined nine steps toward FISMA compliance:
- Categorize the information to be protected
- Develop baseline controls to protect the information
- Conduct risk assessments to refine the baseline controls
- Develop a security plan that includes the baseline controls
- Roll out the security controls to your information systems
- Measure and monitor performance to understand the efficacy of the security controls
- Determine organizational risk based on your assessment of the security controls
- Authorize the information system for processing
- Continuously monitor your security controls
NIST SP 800-SERIES COMPLIANCE
Released as Special Publications (SP), the NIST 800 series guides government agencies through the process of implementing their cyber and information security programs and measuring their effectiveness.
- NIST SP 800-53 provides guidelines on the security controls required for federal information systems
- NIST SP 800-37 promotes near-real-time risk management through continuous monitoring of the controls defined in NIST SP 800-53
- NIST SP 800-137 provides additional guidance on enterprise-wide reporting and tracking using automation
- NIST SP 800-171 guides organizations that need to protect Controlled Unclassified Information (CUI) stored in non-federal information systems and environments
What we do
Anvaya’s Cyber Security Program for NIST aims to protect your organization’s cyber infrastructure and digital assets and to support participation in the US Government’s critical infrastructure programs. Our integrated framework for information security enables you to comply with NIST and also covers other global practices such as ISO 27001, COBIT, SANS, PCI DSS, etc.
Controls in the NIST Framework
- Access Control
- Awareness and Training
- Audit and Accountability
- Configuration Management
- Identification and Authentication
- Incident Response
- Maintenance
- Media Protection
- Personnel Security
- Physical Protection
- Risk Assessment
- Security Assessment
- Systems and Communications Protection
- System and Information Integrity
Implementation Methodology
We use a five-phase methodology to help you achieve successful compliance:
- Strategize
- Methodical Assessment
- POA&M (Plan of Action and Milestones)
- Remediate
- Continuous Assessment