Any company that does business with suppliers, partners or customers in the US will, if they transact business digitally, need to be aware of the relevant US security standards and procedures. This is the case even if it only means learning that most of the regulations may not in practice apply to their business. But these are rules it is best not to be ignorant about.
Finding out about them can be a problem, and is certainly time-consuming, but one possible solution comes from US-based Agiliance, with its RiskVision service. The company produces Integrated Risk Management solutions for Governance and Security programs, and has just announced the release of the Agiliance NIST SP800-53 Revision 4 Content Pack, which is designed to help organisations defend their IT infrastructures against advanced cyber-attacks.
It is built around the US National Institute of Standards and Technology (NIST) Special Publication (SP) 800-53 Revision 4 security controls update, and provides a packaged intelligence feed for the Agiliance RiskVision platform. This provides commercial organisations and government agencies with expanded security and privacy baselines.
In response to the increasing volume and sophistication of cyber-attacks, NIST, the U.S. Department of Defense, the U.S. Intelligence Community, and the Committee on National Security Systems created the Joint Task Force partnership in 2009 to develop the NIST SP 800-53 “Recommended Security Controls for Federal Information Systems and Organizations” standard. Revision 4, released this April, was developed to include security controls and enhancements for new threat areas such as mobile and cloud computing; applications security; trustworthiness, assurance, and resiliency of information systems; insider threats; supply chain security; and advanced persistent threats.
The Content Pack provides users with packaged intelligence from which they can develop a custom security controls baseline and security plan that best fits their needs. It encompasses more than 1,100 controls across the 18 security control families: Access Control; Awareness and Training; Audit and Accountability; Security Assessment and Authorisation; Configuration Management; Contingency Planning; Identification and Authentication; Incident Response; Maintenance; Media Protection; Physical and Environmental Protection; Planning; Personnel Security; Risk Assessment; System and Services Acquisition; System and Communications Protection; System and Information Integrity; and Program Management.
“The NIST guidelines provide organisations with a proven and industry-tested set of best practices that simplify the creation of high, medium, and low baseline controls based on the business criticality of the assets being protected,” said Torsten George, vice president of worldwide marketing and products at Agiliance. “By integrating this pre-built intelligence with the Agiliance RiskVision platform, customers can use the NIST SP 800-53 content pack to run compliance assessments in order to determine their compliance and risk scores. This powerful tool also enables them to identify security gaps in their infrastructure by mapping recommended NIST controls against their existing environment.”