NIST Special Publication 800-53 Revision 4

Introduction

NIST SP 800-53 is the abbreviation of the National Institute of Standards and Technology Special Publication 800-53, Organization. The NIST is a non-regulatory agency of the U.S. Commerce Department, Security and Privacy Controls for Federal Information Systems (Gantz, 2012). The system is a set of principles and controls that seek to promote and maintain a set of standards within a commercial industry. 

The main reason why it is important to implement assurance control in an organization is that it enables the organization to be compliant with the laid rules and regulations. These assurances help organizations by providing them with guidelines that make it possible for business organizations as well as contractors, and the federal government and its agencies to know the required rules. It also provides them with a framework they can utilize to ensure these standards and requirements are met. The assurance controls can help an organization safeguard their operations and integrity by ensuring that they meet all set laws and regulations at all times. 

It is important to note that the SP 800-53 system was developed for the sole purpose of heightening the security in information systems used by different agencies of the federal government. These guidelines apply themselves in any information technology system that has the capability of processing, storing, and transmitting federal information (Gantz, 2012). The most recent updates to this system were done in 2013 by a task force appointed by the different agencies of the federal government. Currently, the guidelines have been set in such a way that they can attain the secure system in federal systems by: 

• Ensuring that they facilitate more comparable, consistent, and repeatable approach for specifying and selecting security controls for systems
• By ensuring that it provides a recommendation for security controls for systems categorized as defined in the FIPS 199 and the Standards for Security Categorization system
• By providing a stable yet flexible catalog of security controls that enable information systems to meet current organizational protection needs presently and in the future (National Institute of Standards and Technology, 2017)

By developing a foundation for the development of methods of assessment for determining security control and its effectiveness

The NIST SP 800-53 has some controls that make it complete. These controls include: 

• High-Impact Baseline: These controls are made up of controls that protect an organization from major risks. If these risks occur they can impact the organization in a major way.
• Medium-Impact Baseline: these controls are aimed at protecting an organization from medium threats.
• Low-Impact Baseline: These are threats that protect an organization from threats that do not pose major threats 

One of the most critical aspects of this system is that it helps in the control of organization procedures. This can be done through the development, documentation, and dissemination of different roles in the system (Gantz, 2012). The system and services acquisition policy has to be made whose main objective is to addresses the purpose, functions, scope, management commitment, responsibilities, coordination, compliance of different industry players as this is what makes the system more effective in ensuring compliance. It also needs to have procedures that can help in the facilitation and implementation of the system and services (National Institute of Standards and Technology, 2017). All these factors aid in the control aspect of the system and ensures that all players know what is expected to them with .regards to compliance of the law. 

For one to make use of the system well, one has to understand the three compliance practices — the first in calls a user to analyze and understand the NIST system. One needs to understand the threats facing their data and information and know the different methods they can use to save this information from any attacks (National Institute of Standards, 2017). The second step is education. Users of the NIST system should be able to educate themselves as well as their employees about the different procedures they need to undertake to be compliant. For example, employees should be aware of all management controls as laid down by the NIST 800-53 (National Institute of Standards and Technology, 2017). The third step is accessing information. Many business organizations talk about different ways they use to secure their data, and this information can be used by different users to help improve the security of their data and information. This can help in ensuring that their data is not compromised in any way.

            References

Gantz, S. (2012). FISMA and the Risk Management Framework: The New Practice of Federal

Cyber Security. Chicago, IL: Newness. 

National Institute of Standards. (2017). Security and Privacy Controls for Federal Information

Systems and Organizations: Nist Sp 800-53 Revision 4 Including Updates As of 01-22-2015 Nist Series. Chicago, IL: Newness.

National Institute National Institute of Standards and Technology. (2017). Security and PrivacyControls for Information Systems and Organizations Rev 5: Draft NIST Special Publication 800-53 Revision 5. Security and Privacy Controls for Information Systems and Organizations Rev 5: Chicago, IL: Newness.