NIST SP 800-53 Update - WISP & CSOP
Posted by ComplianceForge on Oct 29th 2020
NIST released the final version of NIST SP 800-53B that identifies what NIST SP 800-53 R5 controls fall into low, moderate, high and privacy baselines. This allowed ComplianceForge to release new versions of our NIST SP 800-53 based policies, standards and procedures:
- NIST SP 800-53 R5 Cybersecurity & Data Protection Program (CDPP) - Low & Moderate
- NIST SP 800-53 R5 CDPP - Low, Moderate & High
- NIST SP 800-53 R5 Cybersecurity Standardized Operating Procedures (CSOP) - Low & Moderate
- NIST SP 800-53 R5 CSOP - Low, Moderate & High
This documentation is designed to be editable, affordable and scalable for your specific business needs.
At its core, the NIST SP 800-53 R5-based CDPP and CSOP are designed to align with the low, moderate and high control baselines from NIST SP 800-53 R5. Since our clients tend to have additional needs in this space, the NIST SP 800-53 R5 CDPP and CSOP have complete coverage for these core frameworks:
- NIST SP 800-53 R5 (as defined in NIST SP 800-53B)
- Federal Risk and Authorization Management Program (FedRAMP)
- Federal Acquisition Regulation (FAR) 52.204-21 (cybersecurity requirements)
- DoD Cybersecurity Maturity Model Certification (CMMC) v1.02
- NIST SP 800-171 R2 (CUI & NFO controls)
The following leading practices are mapped to the corresponding NIST SP 800-53 R5 CDPP's policies & standards, as well as the CSOP's procedures. This mapping is in the corresponding Excel spreadsheet that is included as part of the CSOP or CDPP purchase:
- AICPA Trust Services Criteria (TSC) (commonly referred to as SOC 2 controls)
- CERT Resilience Management Model (CERT RMM) v1.2
- Center for Internet Security Critical Security Controls (CIS CSC) v7.1 (commonly referred to as the SANS Top 20)
- Fair & Accurate Credit Transactions Act (FACTA)
- Generally Accepted Privacy Principles (GAPP)
- Gramm-Leach-Bliley Act (GLBA)
- Health Insurance Portability and Accountability Act (HIPAA)
- ISO 27002:2013
- IRS 1075
- MA 201 CMR 17.00
- North American Electric Reliability Corporation Critical Infrastructure Protection (NERC CIP)
- National Industrial Security Program Operating Manual (NISPOM)
- NIST Cybersecurity Framework (NIST CSF) v1.1
- NIST SP 800-172 (controls to protect against Advanced Persistent Threats (APTs))
- NY 23 NYCRR 500
- Oregon Consumer Identity Theft Protection Act (OR 646A)
- Payment Card Industry Data Security Standard (PCI DSS) v3.2.1
- Secure Controls Framework (SCF)
- UK Cyber Essentials