NIST 800-53 Information Security Policies

Federal Information Security Management Act (FISMA)

Under FISMA, federal agencies are required to assess the state of their information security before being approved for budget items by the OMB. To accurately assess the security posture of federal systems, the National Institute of Standards and Technology (NIST) published SP 800-53. NIST breaks information technology into 17 information security domains that define the security posture of an organization. Each of these NIST domains requires written information security policies.

According to the maturity model defined in the Federal IT Security Assessment Framework, the security program progresses from having policies (Level 1) to having detailed procedures (Level 2), implementing these procedures (Level 3), testing compliance with and effectiveness of the procedures (Level 4), and finally fully integrating policies and procedures into daily operations (Level 5).

Develop NIST Security Policies Quickly

Information Security Policies Made Easy (Version 13) provides a complete set of security policies that cover each of the 17 key NIST 800-53 assessment areas. Organizations can save time and money implementing Level 1 compliance by customizing our library of over 1700 pre-written information security policies. Mappings to NIST 800-53 and NIST 800-171 save hundreds of policy development hours.

Define and Maintain Your IT Security Program

Use ComplianceShield to help automate every aspect of an Information Security Management System (ISMS).   Develop and distribute security policies, define and document an ISO control framework, educate and train employees, and prepare and manage key evidence all in a single secure platform.   IT security compliance does not have to be difficult and expensive.


Document Information Security Roles

Information Security Roles and Responsibilities Made Easy provides expert guidance and templates for building an effective security organization. According to NIST 800-53 and NIST 800-171, security roles and responsibilities are key to implementing effective control over security. Save your organization hundreds of hours of effort in developing and documenting your security organization.

Other Federal Security Requirements

The establishment of a sound security program is mandated by other Federal laws, including the Clinger-Cohen Act, the Computer Security Act of 1987, the Government Performance and Results Act (GPRA), and the Government Paperwork Elimination Act (GPEA). Key to an effective security posture is a robust set of information security policies and standards backed by an effective security organization. Information Shield publications will save your organization hundreds of development hours by providing pre-written best practices that have been tested in hundreds of organizations around the world.

For more information on using Information Shield solutions for your FISMA compliance efforts, please contact us.