NIST is charged with producing information security standards and recommendations, as well as establishing baseline criteria for government information systems. NIST SP 800-53, Security and Privacy Controls for Information Systems and Organizations, serves as a catalog of security controls recommended for federal information systems.
The goals are to make the information systems on which we rely more resistant to infiltration, to reduce the harm caused by attacks when they occur, to make the systems cyber-resilient and survivable, and to preserve people’s privacy.
The NIST catalog may be thought of as a toolbox comprising a variety of security and privacy precautions, countermeasures, strategies, and processes.
The controls are used in conjunction with a well-defined risk management approach that supports corporate information security and privacy policies. In turn, such information security and privacy initiatives establish the groundwork for the organization’s purpose and business activities to succeed.