NIST 800-53 Compliance

The National Institute of Standards and Technology (NIST) is a world-renowned non-regulatory agency providing detailed guidelines for improving information security within federal agencies and associated organizations. Ekran System cooperates with NIST and can help you build compliant data protection and digital infrastructure protection systems.

NIST 800-53 compliance: who needs it and why

As a non-regulatory agency of the US Department of Commerce, NIST focuses on researching and establishing general guidelines and standards that federal agencies must meet.

In particular, NIST Special Publication 800-53: Security and Privacy Controls for Information Systems and Organizations is a set of guidelines and recommendations for architecting and managing secure information systems. Compliance with the NIST 800-53 security control guidelines is central to achieving compliance with the Federal Information Security Management Act of 2002 (FISMA) and Federal Information Processing Standards (FIPS) requirements.

Since 2005, NIST has released several revisions of SP 800-53. The latest officially released is Revision 4, published in 2013, with the official NIST 800-53 summary having been released a year later. However, according to the NIST schedule, the final publication of Revision 5 is planned for summer 2019.

The Ekran System platform is the ultimate NIST 800-53 compliance software, covering core security controls and making it easy to secure your organization’s critical assets and sensitive data.

Meet NIST 800-53 requirements with Ekran System

Ekran System helps you comply with NIST 800-53 security controls by providing monitoring and auditing of work with sensitive data, identity and access management, and incident response tool sets.

NIST 800-53 Revision 4 provides detailed guidelines for three minimum security control baselines that span 18 control families.

Minimum security control baselines:

  • High-Impact Baseline
  • Medium-Impact Baseline
  • Low-Impact Baseline

Control families:

  • AC – Access Control
  • AU – Audit and Accountability
  • AT – Awareness and Training
  • CM – Configuration Management
  • CP – Contingency Planning
  • IA – Identification and Authentication
  • IR – Incident Response
  • MA – Maintenance
  • MP – Media Protection
  • PS – Personnel Security
  • PE – Physical and Environmental Protection
  • PL – Planning
  • PM – Program Management
  • RA – Risk Assessment
  • CA – Security Assessment and Authorization
  • SC – System and Communications Protection
  • SI – System and Information Integrity
  • SA – System and Services Acquisition

Each of these families contains a long list of NIST 800-53 controls, and which controls apply depends on the impact level. However, organizations don't need to implement all of these controls to comply with FISMA and NIST SP 800-53. They need to follow the baseline recommendations for architecting information security systems but are free to choose which security tools and solutions to use for that purpose.

With Ekran System, you can implement the necessary security controls for NIST 800-53 control families including:

  • Audit and Accountability (AU)
  • Access Control (AC)
  • Identification and Authentication (IA)
  • Incident Response (IR)

As NIST 800-53 compliance software, Ekran System fully covers all of the controls in the Audit and Accountability family while also covering the majority of security controls in other control families.

Access Control

The Access Control family includes a wide range of security controls for ensuring the proper level of access management. Ekran System includes a number of features that can help you meet critical NIST 800-53 access control requirements, including:

  • AC-2 Account management – Ekran System contains a set of authentication features that can be used for improving your current account management system, including identity management, two-factor authentication, and privileged access management (PAM).
  • AC-3 Access enforcement – Ekran System’s access management capabilities allow enforcing authorization approval according to your access control policies.
  • AC-8 System use notification – Ekran System can be configured to display notifications about login attempts within the protected perimeter.

Privileged Access and Session Management (PASM) is one of Ekran System’s key access management features. Using PASM, you can manage user privileges effectively, ensure granular time-limited access to critical assets, and monitor and manage sessions initiated by privileged users. Other access management features provided by Ekran System include manual access approval, one-time passwords, secondary authentication for shared accounts, and a free two-factor authentication tool.

Audit and Accountability

The NIST Audit and Accountability control family covers security practices required for establishing a reliable accountability system within an organization. NIST recommends performing detailed and continuous audits to detect possible cybersecurity threats and investigate incidents. Auditing and accountability are also needed to prove compliance to an external auditor.

Ekran System is a comprehensive user activity monitoring solution that can provide you with a detailed audit log of every event that happens on a monitored endpoint. The platform covers all security controls within this control family, including:

  • AU-2 Audit events – Ekran System can be configured to monitor all or only specific events.
  • AU-3 Content of audit records – Monitoring results are recorded in a searchable video format, indexed with metadata such as keystrokes, entered commands, visited web pages, names of opened files and launched applications, etc.
  • AU-6 Audit review, analysis, and reporting – Ekran System provides a rich set of reporting capabilities. Reports can be generated manually or automatically on a set schedule.
  • AU-8 Time stamps – All recorded data is coupled with timestamps.
  • AU-9 Protection of audit information – All records made by Ekran System are tamper-proof. Any unauthorized access can be detected with the help of internal logs that can be accessed via Ekran’s web-based management panel. The forensic export feature delivers reports and monitoring details in a format that can't be altered.
  • AU-14 Session audit – By default, Ekran System records all user sessions initiated on the target endpoint, including privileged user sessions.

Identification and Authentication

The Identification and Authentication control family covers a set of security controls necessary for uniquely identifying each user and device accessing your network. The ability to identify each user accessing the system and then reliably connect them to a specific event is crucial for detecting potential threats and investigating security incidents.

As a universal NIST 800-53 compliance solution, Ekran System provides a number of identity and access management features for ensuring a high level of user identity verification, including secondary authentication and multi-factor authentication (MFA). These capabilities enable identification of each user even for shared accounts and cover NIST Identification and Authentication controls such as:

  • IA-2 Identification and authentication (organizational users) – PASM and MFA capabilities provided by Ekran System allow you to uniquely identify internal employees, subcontractors, and other organizational users.
  • IA-8 Identification and authentication (non-organizational users) – Ekran System’s secondary authentication feature ensures additional identification of every user logging into the system under a shared account.

Incident Response

The Incident Response control family covers one of the most important parts of ensuring the protection of sensitive information: what needs to be done in case of a security incident. Ekran System provides actionable tools to meet the requirements of this NIST family of controls:

  • IR-4 Incident handling – Ekran System provides an alerting system to detect incidents in a timely manner and a set of manual and automated incident response tools for everything from sending warning messages to blocking users.
  • IR-5 Incident monitoring – The alerting functionality in Ekran System supports predefined template-based incident triggers and fully customizable trigger rules. When an incident is detected, a security officer is notified and provided with all context needed to respond quickly.

In addition, Ekran System can export data in a forensic format for further cybersecurity incident investigation and analysis.

However, NIST SP 800-53 isn’t the only IT security standard that Ekran System can help you comply with. Using Ekran System makes it much easier to meet the requirements of other industry standards and regulations, including FISMA, HIPAA, and PCI DSS.