NIST SP 800-53 Update - WISP & CSOP

Posted by ComplianceForge on Oct 29th 2020

NIST released the final version of NIST SP 800-53B that identifies what NIST SP 800-53 R5 controls fall into low, moderate, high and privacy baselines. This allowed ComplianceForge to release new versions of our NIST SP 800-53 based policies, standards and procedures:

This documentation is designed to be editable, affordable and scalable for your specific business needs.

At its core, these NIST SP 800-53 R5-based CDPP and CSOP are designed to align with low, moderate and high control baselines from NIST SP 800-53 R5. Since our clients tend to have additional needs in this space, the NIST SP 800-53 R5 CDPP and CSOP have complete coverage for these core frameworks:

  • NIST SP 800-53 R5 (as defined in NIST SP 800-53B)
  • Federal Risk and Authorization Management Program (FedRAMP) 
  • Federal Acquisition Regulation (FAR) 52.204-21 (cybersecurity requirements)
  • DoD Cybersecurity Maturity Model Certification (CMMC) v1.02 
  • NIST SP 800-171 R2 (CUI & NFO controls)

The following leading practices are mapped to the corresponding NIST SP 800-53 rev5 CDPP's policies & standards, as well as the CSOP's procedures. This mapping is in the corresponding Excel spreadsheet that is included as part of the CSOP or CDPP purchase:

  • AICPA Trust Services Criteria (TSC) (commonly referred to as SOC 2 controls)
  • CERT Resilience Management Model (CERT RMM) v1.2
  • Center for Internet Security Critical Security Controls (CIS CSC) v7.1 (commonly referred to as the SANS Top 20)
  • Fair & Accurate Credit Transactions Act (FACTA)
  • Generally Accepted Privacy Principles (GAPP)
  • Gramm-Leach-Bliley Act (GLBA)
  • Health Insurance Portability and Accountability Act (HIPAA)
  • ISO 27002:2013
  • IRS 1075
  • MA 201 CMR 17.00
  • North American Electric Reliability Corporation Critical Infrastructure Protection (NERC CIP)
  • National Industrial Security Program Operating Manual (NISPOM)
  • NIST Cybersecurity Framework (NIST CSF) v1.1
  • NIST SP 800-172 - (controls to protect against Advanced Persistent Threats (APTs))NY 23 NYCRR 500
  • Oregon Consumer Identity Theft Protection Act (OR 646A)
  • Payment Card Industry Data Security Standard (PCI DSS) v3.2.1
  • Secure Controls Framework (SCF)
  • UK Cyber Essentials