Matsuda & Associates, Inc.


We are the key to your IT Service solutions...

800-53 Adherence and Compliance

As an organization committed to establishing a level of “security due diligence”, Matsuda and Associates (M&A) supports its clients in meeting the minimum federal information system security requirements through the use of the security controls in accordance with the National Institute of Standards and Technology (NIST) Special Publication 800-53, Recommended Security Controls for Federal Information Systems (NIST SP 800-53) and Federal Information Processing Standards Publication 200, Minimum Security Requirements for Federal Information and Information Systems (FIPS PUB 200).

M&A utilizes the guidance provided in FIPS 200 and NIST SP 800-53 to establish a baseline level of security for all federal information and information systems (non-national security-related) and to establish a level of “security due diligence” for federal agencies and their support contractors. This effort is in line with the federal government’s mandate requiring all federal agencies to meet the minimum security requirements through the use of the security controls in accordance with the National Institute of Standards and Technology (NIST) Special Publication 800-53, Recommended Security Controls for Federal Information Systems. Federal agencies have up to one year from the date of final publication of FIPS PUB 200 to fully comply with the changes but are encouraged to initiate compliance activities immediately.

M&A’s ultimate goal of catapulting agencies to the required and acceptable level of compliance is accomplished through the following methodology:

· Determining the security categorization of the Client’s information system in accordance with the provisions of FIPS 199, Standards for Security Categorization of Federal Information and Information Systems

· Applying the appropriate set of minimum (baseline) security controls in NIST Special Publication 800-53

· Mapping all of its Client’s federal information systems’ security-related documentation to FIPS 200 and NIST SP 800-53

· Capturing observations and comments to align existing security-related documentation with the recommended NIST SP 800-53 security controls

· Updating and/or creating applicable documentation in accordance with NIST SP 800-53 where necessary

· Tailoring the controls where applicable using the tailoring guidance provided in NIST Special Publication 800-53, which allows agencies flexibility in applying the minimum security controls. This flexibility allows agencies to adjust the security controls to more closely fit their mission requirements and operational environments

· Where tasked, assessing the effectiveness of the selected NIST SP 800-53 security controls used to map to the Client’s security-related documentation