NIST Compliance – Information Security
The National Institute of Standards and Technology (NIST) is responsible for developing standards and guidelines, including minimum requirements, used by federal agencies in providing adequate information security for the protection of agency operations and assets. Pursuant to this mission, NIST’s Information Technology Laboratory (ITL) has developed guidelines to improve the efficiency and effectiveness of information technology (IT) planning, implementation, management, and operation.
The following NIST 800-series publications are guidelines that help organizations categorize, select, implement, assess, authorize, and monitor information technology security controls and systems.
Implementing HIPAA Security Rule
NIST 800-66 summarizes the HIPAA security standards and explains some of the structure and organization of the Security Rule. The publication helps to educate readers about information security terms used in the HIPAA Security Rule and to improve understanding of the meaning of the security standards set out in the Security Rule.
This publication is intended as an aid to understand security concepts discussed in the HIPAA Security Rule and does not supplement, replace, modify, or supersede the Security Rule itself.
An Introduction to Information Security
NIST 800-12 serves as a starting point for those unfamiliar with NIST information security publications and guidelines. The intent of this special publication is to provide a high-level overview of information security principles by introducing related concepts and the security control families.
Guide for Conducting Risk Assessments
NIST 800-30 provides guidance on risk management for organizations in the public and private sectors. The focus of this publication is risk assessment, which is used to identify, estimate, and prioritize risk.
This publication details the four components of risk assessment: 1) how to prepare for risk assessments; 2) how to conduct risk assessments; 3) how to communicate risk assessment results to key organizational personnel; and 4) how to maintain the risk assessments over time.
Risk Management Framework for Information Systems and Organizations
NIST 800-37 is intended to help organizations manage security and privacy risk and to satisfy the requirements in the Federal Information Security Modernization Act of 2014 [FISMA], the Privacy Act of 1974 [PRIVACT], OMB policies, and designated Federal Information Processing Standards, among other laws, regulations, and policies.
Security and Privacy Controls for Information Systems
The NIST 800-53 publication, along with other supporting NIST publications, is designed to help organizations identify the security and privacy controls needed to manage risk and to satisfy the security and privacy requirements in FISMA, the Privacy Act of 1974, OMB policies (e.g., OMB A-130), and designated Federal Information Processing Standards (FIPS), among others.
The use of NIST 800-53 controls is mandatory for federal agencies, federal contractors, and organizations working on behalf of agencies. However, the same organizations must follow the NSA standard for data destruction.