Published October 15, 2019 • By Thea Garcia
The National Institute of Standards and Technology (NIST) Framework Controls are contained in Special Publication 800-53, Security and Privacy Controls for Federal Information Systems and Organizations. It is important to examine the overall NIST cybersecurity framework to understand how the security controls should be applied in information security. The NIST Framework Core Controls support critical infrastructure, cybersecurity risk, and overall information security.
At its most basic, the NIST Framework outlines the activities that must be done in order to effect organizational change. The framework is broken into five functional areas, which contain categories (also known as families), subcategories, and informative references.
The five functional areas of the NIST framework and primary categories are:
Identify
Risk Management Strategy
Awareness and Training
Info Protection and Procedures
Anomalies and Events
Security Continuous Monitoring
When reading NIST SP 800-53, it is important to note that the controls are categorized into low, medium, and high severity. Each control has a family, class, priority, and baseline allocation. Each control also contains a detailed description of how it is organized, along with supplemental guidance and any enhancements. The controls also have a helpful reference section that points back to previous NIST Special Publications, which is useful when exploring the “why” of a particular control.