NIST SP 800-53 Update - WISP & CSOP

Posted by ComplianceForge on Oct 29th 2020

NIST released the final version of NIST SP 800-53B that identifies what NIST SP 800-53 R5 controls fall into low, moderate, high and privacy baselines. This allowed ComplianceForge to release new versions of our NIST SP 800-53 based policies, standards and procedures:

NIST SP 800-53 R5 Written Information Security Program (WISP) - Low & Moderate
NIST SP 800-53 R5 Written Information Security Program (WISP) - Low, Moderate & High
NIST SP 800-53 R5 Cybersecurity Standardized Operating Procedures (CSOP) - Low & Moderate
NIST SP 800-53 R5 Cybersecurity Standardized Operating Procedures (CSOP) - Low, Moderate & High

This documentation is designed to be editable, affordable and scalable for your specific business needs.

At its core, these NIST SP 800-53 R5-based WISP and CSOP are designed to align with low, moderate and high control baselines from NIST SP 800-53 R5. Since our clients tend to have additional needs in this space, the NIST SP 800-53 R5 WISP and CSOP have complete coverage for these core frameworks:

NIST SP 800-53 R5 (as defined in NIST SP 800-53B)
Federal Risk and Authorization Management Program (FedRAMP)
Federal Acquisition Regulation (FAR) 52.204-21 (cybersecurity requirements)
DoD Cybersecurity Maturity Model Certification (CMMC) v1.02
NIST SP 800-171 R2 (CUI & NFO controls)

The following leading practices are mapped to the corresponding NIST SP 800-53 rev5 WISP's policies & standards, as well as the CSOP's procedures. This mapping is in the corresponding Excel spreadsheet that is included as part of the CSOP or WISP purchase:

AICPA Trust Services Criteria (TSC) (commonly referred to as SOC 2 controls)
CERT Resilience Management Model (CERT RMM) v1.2
Center for Internet Security Critical Security Controls (CIS CSC) v7.1 (commonly referred to as the SANS Top 20)
Fair & Accurate Credit Transactions Act (FACTA)
Generally Accepted Privacy Principles (GAPP)
Gramm-Leach-Bliley Act (GLBA)
Health Insurance Portability and Accountability Act (HIPAA)
ISO 27002:2013
IRS 1075
MA 201 CMR 17.00
North American Electric Reliability Corporation Critical Infrastructure Protection (NERC CIP)
National Industrial Security Program Operating Manual (NISPOM)
NIST Cybersecurity Framework (NIST CSF) v1.1
NIST SP 800-172 - (controls to protect against Advanced Persistent Threats (APTs))NY 23 NYCRR 500
Oregon Consumer Identity Theft Protection Act (OR 646A)
Payment Card Industry Data Security Standard (PCI DSS) v3.2.1
Secure Controls Framework (SCF)
UK Cyber Essentials

NIST 800-171 & CMMC Compliance Bundles

Secure Controls Framework (SCF) Compliance Bundles

Cybersecurity Policies, Standards & Procedures

Privacy & Data Protection (GDPR, CCPA & more)

SOC 2 Compliance (Trust Services Criteria)

Risk Management Bundles

PCI DSS Compliance Bundles

Policies, Standards & Controls

Procedures

NIST 800-171 Compliance

Risk Management

Secure Engineering (Privacy & Security By Design)

Vulnerability & Patch Management

Incident Response

Third-Party Compliance

PCI DSS Compliance

Audit-Ready Cybersecurity & Privacy Practices

Alignment With Secure Practices

Common Compliance Requirements

International Data Security Laws & Regulations

US Federal Data Security Laws & Regulations

US State Data Security Laws & Regulations

Cost Savings

CMMC Kill Chain - Creating A Project Plan

CMMC Assessment Boundary Scoping Guide

NIST 800-53 vs ISO 27002 vs NIST CSF

Policies vs Standards vs Controls vs Procedures

Statutory vs Regulatory vs Contractual Compliance

Guide To Cybersecurity Documentation

Guide to PCI DSS v3.2 Compliance

NIST 800-171 Compliance - Where Do I Start?

Controlled Unclassified Information (CUI)

Product Comparison: DSP vs WISP

Industries Served & Client References

Product Updates

Multiple Company Discount

NIST SP 800-53 Update - WISP & CSOP