Has anyone ever been the victim of a data breach? I have, and it’s not a pleasant experience. For some, it’s as simple as getting a new credit or debit card, but for others, it can go much deeper. Your personal information and finances could be at risk or, even worse, your identity. This could also mean access to confidential business information like trade secrets or intellectual property. Imagine this breach happened to a federal organization handling vital information about the United States.
For organizations that haven’t experienced this, thank the E-Government Act of 2002 or, more specifically, the Federal Information Security Management Act or FISMA. Passed on December 17th, 2002, this act directed the National Institute of Standards and Technology (NIST) regulatory agency to develop guidelines to heighten the security of information systems used within the federal government. Helping reduce the risk of cyber-attacks on critical infrastructure. Why is this important, you might ask? We now refer to these guidelines as the NIST Special Publication (SP) 800-53.
Data breaches have been an issue long before technology. A data breach refers to any confirmed incident in which sensitive, confidential, or otherwise protected data has been accessed or disclosed unauthorizedly. As the dependence on technology grew, so did the risk of data breaches. The early 2000s were plagued with breaches. In January of 2000, CD Universe, an online music store, was hacked, and 300,000 customer credit cards were compromised; 25,000 of the stolen credit card numbers were then posted online. Egghead.com had a massive breach in which 3.5 million users were affected. The hacker then held the company’s information for ransom and demanded $100,000. Later that year, AOL and Western Union were also victims of breaches.
With breaches and hackers becoming front-page news, action must be taken to protect and secure vital information. This prompted the passing of the E-Government Act, effectively creating the NIST 800 53. The NIST Special Publication 800-53, Security and Privacy Controls for Information Systems and Organizations, is a set of recommended security and privacy controls for federal information systems and organizations to help meet the Federal Information Security Management Act (FISMA) requirements. It aims to improve your organization’s information systems security program by providing sets of controls that support the development of secure and resilient federal information systems.
What is NIST 800-53?
NIST SP 800-53 provides a list of controls that support the development of secure and resilient federal information systems. These controls are the operational, technical, and management standards and guidelines information systems use to maintain confidentiality, integrity, and availability. The guidelines adopt a multi-tiered approach to risk management through control compliance. Controls are broken into three classes: low, moderate, and high, and are based on impact. The controls are split into 18 security control families, allowing organizations to select only the most applicable to their requirements. NIST SP 800-53 introduces the concept of baselines as a starting point for the control selection process. This enables organizations to establish a baseline for developing secure organizational infrastructure.
All U.S. federal government agencies and contractors must comply with NIST SP 800‐53; however, many state and local governments and private organizations use NIST SP 800‐53 as their security controls framework. Why wouldn't you if the federal government trusts NIST SP 800-53 to protect its critical data? The guidelines are revised following the evolving nature of managing information security and covering areas like mobile and cloud computing, insider threats, application security requirements, and supply chain security standards. This helps to future-proof you as technology evolves as well as your business.
Protect yourself; make sure you are securing your organization’s critical information. At CyberSaint, we support numerous frameworks, like the NIST SP 800-53, SP 800-37, CIS, SOX, and many other gold-standard frameworks and controls. Using the NIST Cybersecurity Framework, you can improve your organization’s information systems and risk management framework by establishing a fundamental baseline for developing secure organizational infrastructure.
The CyberStrong platform enables security and risk teams to evaluate their overall cyber posture across multiple risk assessments through a single pane of glass so that the organization is proactively secure and compliant. In an ever-changing world of technology, it is imperative to be protected. If you have any questions, click here to schedule a conversation.