The National Institute of Standards and Technology (NIST) special publication 800-53 rev 5, Security and Privacy Controls for Information Systems and Organizations, is the latest version of security and privacy controls that can be used to manage risk for organizations of any sector and size, and all types of systems—from super computers to industrial control systems to Internet of Things (IoT) devices. This control framework is often mapped to other frameworks due to its popularity and relevance in the industry.  The implementation is broken into 3 control baselines, Low, Medium, and High, so that the program can scale to the specific threats and risk profiles of the organization.

Who does it apply to?

The guidance document is meant to cross industries and organization sizes, particularly with the control baselines that enable varying implementations aligned to risk profiles.

How can Socium Security help?

Socium Security can provide assessment and program development services for organizations that wish to align with the NIST 800-53 framework, including policies, processes and control implementation advisory.