
The National Institute of Standards and Technology (NIST), a non-regulatory government agency, develops standards that drive the economic competitiveness of federal organizations. It also produces the standards that give federal agencies a framework for meeting the requirements of the Federal Information Security Management Act (FISMA). The NIST Cybersecurity Framework is a voluntary framework of standards, guidelines, and best practices for managing cybersecurity-related risk. NIST also produces the Federal Information Processing Standards (FIPS) and provides guidance and recommendations through its Special Publications (SP) 800 series.

“It is the policy of the United States to enhance the security and resilience of the Nation’s critical infrastructure and to maintain a cyber environment that encourages efficiency, innovation, and economic prosperity while promoting safety, security, business confidentiality, privacy, and civil liberties.” ~NIST

Because the principles of information security are consistent regardless of the security standard, be it ISO 27001, HIPAA, FISMA, SOX, or PCI-DSS, the NIST guidelines incorporate widely accepted best practices and enable agencies to meet specific regulatory requirements.

For example, NIST has outlined nine steps toward FISMA compliance:

  1. Categorize the information to be protected
  2. Develop baseline controls to protect the information
  3. Conduct risk assessments to refine the baseline controls
  4. Develop a security plan that includes the baseline controls
  5. Roll out the security controls to your information systems
  6. Measure and monitor performance to understand the efficacy of the security controls
  7. Determine organizational risk based on your assessment of the security controls
  8. Authorize the information system for processing
  9. Continuously monitor your security controls

NIST SP 800-SERIES COMPLIANCE

Released as Special Publications (SP), the NIST SP 800 series guides government agencies through the process of implementing their cyber and information security programs and measuring their effectiveness.

  • NIST SP 800-53 provides guidelines on the security controls required for federal information systems
  • NIST SP 800-37 promotes near-real-time risk management through continuous monitoring of the controls defined in NIST SP 800-53
  • NIST SP 800-137 provides additional guidance on enterprise-wide reporting and tracking using automation
  • NIST SP 800-171 guides organizations that need to protect Controlled Unclassified Information (CUI) stored in non-federal information systems and environments

What we do

Anvaya’s Cyber Security Program for NIST aims to protect your organization’s cyber-infrastructure and digital assets and to support participation in the US Government’s critical infrastructure programs. Our integrated framework for information security enables you to comply with NIST and also covers other global practices such as ISO 27001, COBIT, SANS, PCI, etc.

Controls in the NIST Framework

  • Access Control
  • Media Protection
  • Awareness and Training
  • Personnel Security
  • Audit and Accountability
  • Physical Protection
  • Configuration Management
  • Risk Assessment
  • Identification and Authentication
  • Security Assessment
  • Incident Response
  • Systems and Communications Protection
  • Maintenance
  • System and Information Integrity

Implementation Methodology

We use a five-phase methodology to help you achieve and sustain compliance.

  • Strategize
  • Methodical Assessment
  • POA&M
  • Remediate
  • Continuous Assessment

Contact us to see how you can establish and implement a strategy to protect your assets.
