Has anyone ever been the victim of a data breach? I have, and it’s not a pleasant experience. For some, it’s as simple as getting a new credit or debit card, but for others, it can go much deeper. Your personal information and your finances could be at risk or, even worse, your identity. For a business, this could also mean access to confidential information like trade secrets or intellectual property. Now imagine this breach happened to a federal organization handling vital information about the United States. For those organizations out there who haven’t experienced this, thank the E-Government Act of 2002 or, more specifically, the Federal Information Security Management Act or FISMA. Passed on December 17th, 2002, this act directed the regulatory agency, the National Institute of Standards and Technology (NIST) to develop guidelines to heighten the security of information systems used within the federal government. Helping reduce the risk of cyber-attacks on critical infrastructure. Why is this important, you might ask? These guidelines are what we now refer to as the NIST Special Publication (SP) 800-53.
Data breaches have been an issue long before technology. A data breach refers to any confirmed incident in which sensitive, confidential, or otherwise protected data has been accessed or disclosed in an unauthorized fashion. As the dependence on technology began to grow, so did the risk of data breaches. The early 2000s were plagued with breaches. In January of 2000, CD Universe, an online music store, was hacked, and 300,000 customer credit cards were compromised; 25,000 of the stolen credit card numbers were then posted online. Egghead.com had a massive breach in which 3.5 million users were affected. The hacker then held the company’s information for ransom and demanded $100,000. Later that year, AOL and Western Union were also victims of breaches.
With breaches and hackers becoming front-page news, action needed to be taken to protect and secure vital information. This prompted the passing of the E-Government Act, effectively creating the NIST 800 53. The NIST Special Publication 800-53, Security and Privacy Controls for Information Systems and Organizations, is a set of recommended security and privacy controls for federal information systems and organizations to help meet the requirements set by the Federal Information Security Management Act (FISMA). It aims to improve your organization’s information systems security program by providing sets of controls that support the development of secure and resilient federal information systems.
What is NIST 800-53?
NIST SP 800-53 provides a list of controls that support the development of secure and resilient federal information systems. These controls are the operational, technical, and management standards and guidelines used by information systems to maintain confidentiality, integrity, and availability. The guidelines adopt a multi-tiered approach to risk management through control compliance. Controls are broken into three classes: low, moderate, and high, and are based on impact. The controls are further split into 18 security control families allowing organizations to select only the controls most applicable to their requirements. NIST SP 800-53 introduces the concept of baselines as a starting point for the control selection process. This enables organizations to establish a baseline for developing secure organizational infrastructure.
All U.S. federal government agencies and contractors are required to comply with NIST SP 800‐53; however, many state and local governments, as well as private organizations, also use NIST SP 800‐53 as their security controls framework. If the federal government trusts NIST SP 800-53 to protect its critical data, why wouldn’t you? The guidelines are revised in accordance with the evolving nature to manage information security and cover areas like mobile and cloud computing, insider threats, application security requirements, and supply chain security standards. This helps to future-proof you as technology evolves as well as your business.
Protect yourself; make sure you are securing your organization’s critical information. At CyberSaint, we support numerous frameworks, like the NIST SP 800-53, SP 800-37, CIS, SOX and many other gold standard frameworks and controls right out of the box. Using the NIST Cybersecurity Framework, you can improve your organization’s information systems and risk management framework by establishing a fundamental baseline for developing secure organizational infrastructure. The CyberStrong platform enables you to see your overall cyber posture across multiple assessments through one single pane of glass, so your organization is compliant and secure. In an ever-changing world of technology, it is imperative to be protected. If you have any questions, click here to schedule a conversation or give us a call at 1-800 NIST CSF