What is United States FISMA / NIST SP800-53?

The US Federal Information Security Management Act (FISMA) is at the core of the US Government’s approach to the defense of its IT systems and information.

A key element of this approach is the role of the National Institute of Standards and Technology (NIST) that produces a range of documents that specify the risk management and control requirements and approaches for a range of attack scenarios.


NIST Special Publication 800-53 (SP800-53)

This standard provides an approach to security and a catalogue of controls that support the mandatory FIPS Publication 200 (Minimum Security Requirements for Federal Information and Information Systems).

After defining the security category of their systems using FIPS Publication 199 (Standards for Security Categorization of Federal Information and Information Systems) organizations can derive their information system impact or sensitivity levels to apply the appropriately tailored set of security controls in NIST SP800-53.

The oversight and continuous monitoring regime in SP800-53 forms the basis of the overarching information, IT and cyber security defense posture. It represents the primary source of control selection – akin to other management system and control based standards such as ISO27001 and PCI-DSS. Hence it is of vital importance in US Federal Government and Defense environments. Also within the Critical Infrastructure (CI) community, in the government supply chain and across academia; it plays a key role. Often other sector-specific standards and regulations refer back to the NIST publications.


Download Huntsman Security’s FISMA Compliance Guide

Huntsman® have developed a comprehensive set of out-of-the-box Queries/Reports, Alerts and Dashboards to support FISMA compliance requirements.  You can download the guide here.