NIST 800-53

I have read about the NIST (National Institute of Standards and Technology) information security standard, which is recommended for Federal Information Systems and Organizations. It describes how to select security controls for an information system based on three security objectives: confidentiality, integrity and availability.
Security controls are split into three classes, management, operational and technical safeguards, which together protect the objectives above.
I find this standard very relevant to security and risk in general, which tend to reflect each other nowadays: the more risk, the more security is implemented.

Below is the format (taken from FIPS 199, on which the standard builds) for expressing the security category (SC) of an information system. In my opinion, it is a very important point of view when considering an information system.

SC information system = {(confidentiality, impact), (integrity, impact), (availability, impact)},

where the acceptable values for potential impact are low, moderate, or high.
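As an added worked example, not part of the original post or of any NIST publication, the following Python script builds a categorization statement in that format for each information type a system handles, rejects values other than low, moderate and high, combines the statements with the high-water mark rule from FIPS 199 (per objective, the highest impact over all information types), and then derives the single low/moderate/high baseline that SP 800-53 selects via FIPS 200 from the highest of the three impacts. The system name and the two information types are constructed for illustration.

```python
from enum import IntEnum
from typing import Dict, Iterable

OBJECTIVES = ("confidentiality", "integrity", "availability")


class Impact(IntEnum):
    """The only acceptable potential-impact values (FIPS 199, as used by SP 800-53)."""
    LOW = 1
    MODERATE = 2
    HIGH = 3


def parse_impact(value: str) -> Impact:
    """Map a textual impact value to Impact, rejecting anything outside the three allowed values."""
    try:
        return Impact[value.strip().upper()]
    except KeyError:
        raise ValueError(f"unacceptable impact value: {value!r}") from None


def security_category(**impacts: str) -> Dict[str, Impact]:
    """Build SC = {(confidentiality, impact), (integrity, impact), (availability, impact)}.

    Every objective must be present exactly once; an incomplete categorization is an
    error rather than a silent default to low.
    """
    missing = [o for o in OBJECTIVES if o not in impacts]
    unknown = [k for k in impacts if k not in OBJECTIVES]
    if missing or unknown:
        raise ValueError(f"missing objectives {missing}, unknown keys {unknown}")
    return {o: parse_impact(impacts[o]) for o in OBJECTIVES}


def system_category(categories: Iterable[Dict[str, Impact]]) -> Dict[str, Impact]:
    """FIPS 199 high-water mark across information types: per objective, the highest impact."""
    cats = list(categories)
    if not cats:
        raise ValueError("a system must handle at least one information type")
    return {o: max(c[o] for c in cats) for o in OBJECTIVES}


def baseline(sc: Dict[str, Impact]) -> Impact:
    """FIPS 200 rule that SP 800-53 uses to pick the control baseline: the highest of the three impacts."""
    return max(sc[o] for o in OBJECTIVES)


def format_sc(name: str, sc: Dict[str, Impact]) -> str:
    """Render a categorization in the notation used above, e.g. SC payroll = {(confidentiality, moderate), ...}."""
    pairs = ", ".join(f"({o}, {sc[o].name.lower()})" for o in OBJECTIVES)
    return f"SC {name} = {{{pairs}}}"


# Constructed example (illustrative values, not from any NIST document): a system that
# stores employee payroll records and also serves a public-facing holiday calendar.
PAYROLL_RECORDS = security_category(confidentiality="moderate", integrity="moderate", availability="low")
PUBLIC_CALENDAR = security_category(confidentiality="low", integrity="low", availability="low")
HR_SYSTEM = system_category([PAYROLL_RECORDS, PUBLIC_CALENDAR])

if __name__ == "__main__":
    print(format_sc("payroll records", PAYROLL_RECORDS))
    print(format_sc("public calendar", PUBLIC_CALENDAR))
    print(format_sc("HR system", HR_SYSTEM))
    print("control baseline:", baseline(HR_SYSTEM).name.lower())
```

The per-objective maximum and the overall maximum are deliberately separate functions: the first is the system's security category in the notation above, the second is the baseline you start from when selecting and tailoring controls, and a typo such as "medium" is rejected rather than being quietly treated as low.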

The standard also defines a "Risk Management Strategy", which in my opinion is worth looking into in order to get a clear understanding of the approach.
Read more about the strategy and the standard's target audience in the document at the link below.

(p. 14 covers the target audience; pp. 27-28 cover the strategy)

http://csrc.nist.gov/publications/nistpubs/800-53-Rev3/sp800-53-rev3-final_updated-errata_05-01-2010.pdf

This entry was posted in IT Security, Week 35.