Lifeline Data Centers subscribes to NIST 800-53 security controls. Some of the certifications and authorizations that Lifeline Data Centers holds are based on NIST 800-53:
- Lifeline Data Centers supports multiple FISMA Moderate ATOs
- Lifeline Data Centers’ PaaS Cloud Service is FedRAMP-Ready (Moderate Baseline)
- Lifeline Data Centers is CJIS (Criminal Justice Information System) Capable
- Lifeline Data Centers is IRS-1075 Capable
NIST 800-53 recommends policies and procedures for topics such as access control, business continuity, incident response, disaster recovery and several more key areas, and is an ideal starting point for an InfoSec team that wants to improve its controls.
NIST 800-53 Revision 4 was motivated by the expanding threat and sophistication of cyber attacks and is the most comprehensive update since its initial publication in 2005. NIST 800-53 is the official security control list for the federal government, and it is a free resource for the private sector.
How NIST 800-53 benefits your organization
NIST 800-53 exhaustively outlines how to establish security controls based on your organization’s risk assessment. To have any effect, those controls must be implemented, but creating procedures for which you have an insufficient workforce and resources can cause more harm than merely consulting with a subject matter expert about what your priorities should be.
Lifeline Data Centers experts work with our clients to ensure we properly assess risk and then implement controls that limit the organization's exposure to that risk.
What is NIST?
NIST is the National Institute of Standards and Technology, a non-regulatory agency of the U.S. Commerce Department established to encourage and assist innovation and science through the promotion and maintenance of a set of industry standards.
NIST 800-53 Scope
Special Publication 800-53: Security and Privacy Controls for Federal Information Systems and Organizations is a set of standards and guidelines to help federal agencies and contractors meet the requirements set by the Federal Information Security Management Act (FISMA).
The security and privacy controls are split into 18 different families and classified by low, medium, or high impact. The security control families are:
- Access Control
- Audit and Accountability
- Awareness and Training
- Configuration Management
- Contingency Planning
- Identification and Authentication
- Incident Response
- Media Protection
- Personnel Security
- Physical and Environmental Protection
- Program Management
- Risk Assessment
- Security Assessment and Authorization
- System and Communications Protection
- System and Information Integrity
- System and Services Acquisition