What is NIST 800-53?
NIST Special Publication 800-53 is published by the National Institute of Standards and Technology (NIST), a non-regulatory agency of the United States Department of Commerce. It provides a catalog of security and privacy controls for federal information systems and organizations.
NIST Special Publication 800-53, Revision 4, represents the most comprehensive update to the security controls catalog since its inception in 2005. This update was motivated principally by the expanding threat space--characterized by the increasing sophistication of cyber attacks and the operations tempo of adversaries (i.e., the frequency of such attacks, the professionalism of the attacks, and the persistence of targeting by attackers).
NIST 800-53 Revision 4 Compliance
NIST 800-53, Revision 4 security controls are organized into eighteen families. Of the eighteen security control families, seventeen families are closely aligned with the seventeen minimum security requirements for federal information and information systems in FIPS Publication 200.
The following security controls are relevant for agencies in the cloud:
AC - Access Control
AU - Audit and Accountability
CM - Configuration Management
CP - Contingency Planning
IA - Identification and Authentication
SC - System and Communications Protection
Enforce Baselines with Codeless Auto-Remediation
Fugue utilizes baselines to auto-remediate and correct compliance violations via self-healing. With baseline enforcement, misconfiguration is automatically corrected back to the NIST 800-53 compliant baseline without writing automation scripts.