What is NIST 800-53?
Published by the National Institute of Standards and Technology (NIST), a non-regulatory agency of the United States Department of Commerce, NIST Special Publication 800-53 provides a catalog of security and privacy controls for federal information systems and organizations.
NIST Special Publication 800-53, Revision 4, represents the most comprehensive update to the security controls catalog since its inception in 2005. This update was motivated principally by the expanding threat space--characterized by the increasing sophistication of cyber attacks and the operations tempo of adversaries (i.e., the frequency of such attacks, the professionalism of the attacks, and the persistence of targeting by attackers).
NIST 800-53 Revision 4 Compliance
NIST 800-53, Revision 4 security controls are organized into eighteen families. Of the eighteen security control families, seventeen families are closely aligned with the seventeen minimum security requirements for federal information and information systems in FIPS Publication 200.
The following security controls are relevant for agencies in the cloud:
AC - Access Control
AU - Audit and Accountability
CM - Configuration Management
CP - Contingency Planning
IA - Identification and Authentication
SC - System and Communications Protection
Detect Compliance Violations
Fugue continuously evaluates your cloud environments for NIST 800-53 compliance violations using predefined rules mapped to NIST 800-53 compliance controls. If a resource is found to be non-compliant, an alert is sent to notify the compliance team. The compliance team can then determine whether to correct the non-compliant resource and set an established baseline for future enforcement.
Enforce Baselines with Codeless Auto-Remediation
Fugue utilizes baselines to auto-remediate and correct compliance violations via self-healing. With baseline enforcement, misconfiguration is automatically corrected back to the NIST 800-53 compliant baseline without writing automation scripts.
Report on Compliance Posture
Fugue makes it easy to report on your NIST 800-53 compliance posture. Detailed reports, dashboards, and visualizations are available to easily track and monitor your cloud resources. Daily or weekly reports highlighting compliant and non-compliant resources can be emailed to executives or auditors to show proof of compliance.