Importance of Identifying NIST 800-53 Assessment Objectives and Scope

Before an assessment begins, SteelToad will guide your organization through the process of determining the scope and objectives of the assessment.

SteelToad’s assessors develop an Assessment Plan that identifies the organization’s assessment objectives as well as the security controls and security control enhancements to be examined. The set of security controls examined is determined by the baseline level selected by the organization: low, moderate, or high. The organization’s alignment with that baseline determines which security controls are evaluated.

Prior to the assessment, it is essential to determine the organization’s security objectives and define which security controls will be used for the assessment. When establishing the organization’s Assessment Plan, SteelToad’s assessors place great emphasis on adaptability, so that the most efficient procedures and assessment plan are generated while still meeting the organization’s assessment objectives. The cybersecurity goals and priorities set by the company serve as the foundation on which our team builds the Assessment Plan.

There are more than 1,100 NIST 800-53 security controls, so we collaborate with our clients to determine the best timeframe for the assessment. If there are not enough resources to conduct the full assessment at one time, the assessment can be divided into segments. It is acceptable to conduct a full assessment, a partial assessment, or a partial assessment with tailored IT system-specific security controls (provided by the organization or system owner).

SteelToad works with customers to ensure that the assessment plan is accurate. Once the stakeholders define and convey the organization’s cyber goals, the assessment plan is built to support that strategy, remaining flexible while covering all crucial security objectives.

Objectives for the Assessment Plan include:

  1. Define the correct procedures to be used for each security control.
  2. Define the organization’s security goals for the system being assessed.
  3. Define the baseline level chosen for the system: Low/Moderate/High.
  4. Determine the scope of the assessment and what parameters are set for the IT system.
  5. Determine and communicate the assessment procedures and timeline and adjust based on the goals and objectives for the assessment.
  6. Communicate and provide the Assessment Plan to the organization for approval and

Because no two systems are alike, SteelToad assessors meet with your organization to ensure we understand the system, your security goals, and any additional organizational objectives for review. In our initial meeting, we walk through the assessment process and ensure that your team understands it. Our staff is focused on efficiency, and we collaborate with your team to meet your organization’s security assessment goals using the NIST 800-53 assessment criteria.