Category: NIST

Risk Assessment Checklist NIST 800-171

Written by
Published 05/10/2020

The National Institute of Standards and Technology (NIST) Special Publication (SP) 800-171 is a subset of IT security controls derived from NIST SP 800-53.  NIST SP 800-53 provides a catalog of cybersecurity and privacy controls for all U.S. federal information systems except those related to national security.  The IT security controls in the “NIST SP 800-171 Rev. 2 – Protecting Controlled Unclassified Information in Nonfederal Systems and Organizations” are mandatory when nonfederal entities share, collect, process, store, or transmit controlled unclassified information (CUI) on behalf of federal agencies. CUI is defined as any information that requires safeguarding or dissemination controls pursuant to federal law, regulation, or governmentwide policy.   This NIST SP 800-171 checklist will help you comply with NIST standards…

How to Map PCI DSS to the NIST Cybersecurity Framework

Written by
Published 12/03/2019

Organizations face an increasing number of compliance metrics. Risk management is of paramount importance and is feeding the need for governance. Terms like PCI DSS and NIST CSF are two frameworks that help enhance data security and manage risk.  Often, it is the confusion on where businesses need to start that prevents them from taking action at all. It is important first to understand what PCI and NIST do, how they are related to each other, and how they are different to prevent analysis paralysis. What Is PCI DSS? The Payment Card Industry Data Security Standards (PCI DSS) were created to standardize the way all organizations that accept, process, transmit, and store credit card information securely. The requirements mandated by…

Tags: , ,
Categorized in: ,

NIST CSF Categories and Framework Tiers

Written by
Published 11/19/2019

NIST CSF stands for the National Institute of Standards and Technology Cybersecurity Framework. The NIST CSF consists of best practices, standards, and guidelines to manage cybersecurity program risk.  This voluntary framework is divided into three primary parts: the framework core, profiles, and tiers. The NIST CSF core comprises five functions, where each function are further broken down into categories and subcategories. There are currently 23 categories and 108 subcategories in the NIST CSF.  Below you will find a detailed assessment of the NIST CSF functions and categories: Identify Function Identify the risk to critical infrastructure, information systems, people, assets, and data. Asset Management: Inventory and manage all company assets, including people. It is important also to understand Bring You Own…

Categorized in:

NIST and FedRAMP: A Brief Overview

Written by
Published 05/27/2016

NIST and FedRAMP: A Brief Overview   If you’re new to the world of compliance in the US Federal Government, there can be some tricky terms to navigate. Here’s a quick primer on the similarities and differences between NIST and FedRAMP. NIST Background The National Institute of Standards and Technology (NIST) produces, among other things, a series of documents known as Special Publications (SP). The NIST SP 800 series deal with computer security, and NIST 800-53 revision 4, Security and Privacy Controls for Federal Information Systems and Organizations details information security/privacy controls which must be in place for information systems in the US Federal government. There are other 800-series documents which cover elements of information security including risk management (SP…

Tags: , ,
Categorized in: , ,