-
Proposed NIST Revision 5 Changes
NIST has reviewed input from a number of organizations and business and has published some of their proposed changes for Revision 5. The good news is that these changes do not impact the actual security controls, and organizations would not be required to make updates to security documentation including the System Security Plan, outside of ... Read More →
read more » -
BSC Systems Receives Veteran-Owned Small Business (VOSB) Verification
The verification makes the company eligible to participate in Veterans First Contracting Program opportunities with the US Department of Veterans Affairs (VA). Chantilly, VA – BSC Systems, a firm that helps organizations improve their security posture and achieve compliance with regulatory requirements such as FISMA and HIPAA, has recently been verified as a Veteran-Owned Small ... Read More →
read more » -
6 Most Common Insider Threats
Cyber attacks are growing at an exponential rate, and many businesses are not prepared for security breaches. Once hackers are able to gain access to sensitive company information, they can quickly inflict damage that may cause long-term consequences to business operations. Implementing simple best practices, and properly managing internal controls, can prevent most security breaches. ... Read More →
read more » -
Getting your Office Physical Controls FISMA Ready
If you are currently or aim to be a FISMA compliant organization and are looking to relocate, this is the ideal time to build physical security controls into your space. It is always easier and less costly to do before the build out. Of course, if you already have your office space, you will need ... Read More →
read more » -
FISMA NIST 800-53 Rev. 4 Controls – By the Numbers
Have you even been in a FISMA discussion or meeting and someone asked how many actual NIST 800-53 controls they needed to meet and no one seemed to have the exact answer? Well just to make it easy for you we prepared the two tables below that provide the total controls and enhancements for low, ... Read More →
read more »
Have you even been in a FISMA discussion or meeting and someone asked how many actual NIST 800-53 controls they needed to meet and no one seemed to have the exact answer? Well just to make it easy for you we prepared the two tables below that provide the total controls and enhancements for low, moderate and high organizations. If you have any questions about how these apply to you come to our web site and request a free one hour phone consultation and we can discuss the most cost effective ways your organization can satisfy these controls.
NIST 800-53 Revision 4 Control Tally
(excluding PM and Privacy)
| LOW | MODERATE | HIGH | ||||
|---|---|---|---|---|---|---|
| CONTROL FAMILY | Number of Applicable Controls | Number of Applicable Enhancements | Number of Applicable Controls | Number of Applicable Enhancements | Number of Applicable Controls | Number of Applicable Enhancements |
| AC- Access Control | 11 | 0 | 17 | 18 | 18 | 25 |
| AT- Awareness & Training | 4 | 0 | 4 | 1 | 4 | 1 |
| AU – Audit and Accountability | 10 | 0 | 11 | 7 | 12 | 16 |
| CA – Security Assessment and Audit | 7 | 0 | 7 | 3 | 8 | 4 |
| CM – Configuration Management | 8 | 0 | 11 | 10 | 11 | 20 |
| CP – Contingency Planning | 6 | 0 | 9 | 13 | 9 | 26 |
| IA – Identification and Authentication | 7 | 8 | 8 | 14 | 8 | 16 |
| IR – Incident Response | 7 | 0 | 8 | 4 | 8 | 8 |
| MA – Maintenance | 4 | 0 | 6 | 3 | 6 | 7 |
| MP – Media Protection | 4 | 0 | 7 | 2 | 7 | 5 |
| PE – Physical and Environmental | 10 | 0 | 16 | 2 | 17 | 9 |
| PL- Planning | 3 | 0 | 4 | 2 | 4 | 2 |
| PS – Personnel Security | 8 | 0 | 8 | 0 | 8 | 1 |
| RA – Risk Assessment | 4 | 0 | 4 | 3 | 4 | 4 |
| SA – System and Services Acquisition | 6 | 1 | 9 | 5 | 13 | 5 |
| SC – System and Communications | 10 | 0 | 19 | 5 | 21 | 9 |
| SI – System and Information Integrity | 6 | 0 | 11 | 10 | 12 | 15 |
| TOTALS | 115 | 9 | 159 | 102 | 170 | 173 |
NIST 800-53 Revision 4 Control Tally
(including PM and Privacy)
| LOW | MODERATE | HIGH | ||||
|---|---|---|---|---|---|---|
| CONTROL FAMILY | Number of Applicable Controls | Number of Applicable Enhancements | Number of Applicable Controls | Number of Applicable Enhancements | Number of Applicable Controls | Number of Applicable Enhancements |
| AC- Access Control | 11 | 0 | 17 | 18 | 18 | 25 |
| AT- Awareness & Training | 4 | 0 | 4 | 1 | 4 | 1 |
| AU – Audit and Accountability | 10 | 0 | 11 | 7 | 12 | 16 |
| CA – Security Assessment and Audit | 7 | 0 | 7 | 3 | 8 | 4 |
| CM – Configuration Management | 8 | 0 | 11 | 10 | 11 | 20 |
| CP – Contingency Planning | 6 | 0 | 9 | 13 | 9 | 26 |
| IA – Identification and Authentication | 7 | 8 | 8 | 14 | 8 | 16 |
| IR – Incident Response | 7 | 0 | 8 | 4 | 8 | 8 |
| MA – Maintenance | 4 | 0 | 6 | 3 | 6 | 7 |
| MP – Media Protection | 4 | 0 | 7 | 2 | 7 | 5 |
| PE – Physical and Environmental | 10 | 0 | 16 | 2 | 17 | 9 |
| PL- Planning | 3 | 0 | 4 | 2 | 4 | 2 |
| PS – Personnel Security | 8 | 0 | 8 | 0 | 8 | 1 |
| RA – Risk Assessment | 4 | 0 | 4 | 3 | 4 | 4 |
| SA – System and Services Acquisition | 6 | 1 | 9 | 5 | 13 | 5 |
| SC – System and Communications | 10 | 0 | 19 | 5 | 21 | 9 |
| SI – System and Information Integrity | 6 | 0 | 11 | 10 | 12 | 15 |
| PM – Program Management | 16 | 0 | 16 | 0 | 16 | 0 |
| Privacy | 26 | 0 | 26 | 0 | 26 | 0 |
| TOTALS | 157 | 9 | 201 | 102 | 212 | 173 |
