United States FISMA / NIST SP800-53

The US Federal Information Security Management Act (FISMA) is at the core of the US Government’s approach to the defense of its IT systems and information.

A key element of this approach is the role of the National Institute of Standards and Technology (NIST) that produces a range of documents that specify the risk management and control requirements and approaches for a range of attack scenarios.


NIST Special Publication 800-53 (SP800-53)

This standard provides an approach to security and a catalogue of controls that support the mandatory FIPS Publication 200 (Minimum Security Requirements for Federal Information and Information Systems).

After defining the security category of their systems using FIPS Publication 199 (Standards for Security Categorization of Federal Information and Information Systems) organizations can derive their information system impact or sensitivity levels to apply the appropriately tailored set of security controls in NIST SP800-53.

The oversight and continuous monitoring regime in SP800-53 forms the basis of the overarching information, IT and cyber security defense posture. It represents the primary source of control selection – akin to other management system and control based standards such as ISO27001 and PCI-DSS. Hence it is of vital importance in US Federal Government and Defense environments. Also within the Critical National Infrastructure (CNI) community, in the government supply chain and across academia; it plays a key role. Often other sector-specific standards and regulations refer back to the NIST publications.

Huntsman further supports the requirement for security status, compliance and operational reporting as part of a Security Lifecycle

Huntsman® have developed a comprehensive set of out-of-the-box Queries/Reports, Alerts and Dashboards to support a FISMA compliant security monitoring and incident management regime.

See our Compliance Guides that show how Huntsman® forms the hub of a security ecosystem to monitor the audit, alerting, data retention, access and incident investigation controls, as well as the wider security environment, to support FISMA requirements.