NIST 800-53, Rev. 5 - Why So Many Additional Controls?
Why does NIST SP 800-53, Rev. 5 contain so many additional controls or control enhancements beyond the required controls and enhancements contained in the control baselines for LOW, MOD, and HIGH?
Because, according to NIST, in certain situations, additional controls or control enhancements beyond the controls and enhancements contained in the control baselines may be required to address specific threats to organizations, mission and business processes, and systems; to address specific types of PII processing and associated privacy risks; and to satisfy the requirements of laws, executive orders, directives, policies, regulations, standards, and guidelines.
As a result, you’ll find a significant number of controls and control enhancements are not assigned to any control baseline for LOW, MOD, or HIGH. Therefore, through tailoring, organizations make their own determinations as to whether the controls and control enhancements are needed to meet applicable requirements or are useful for managing risks that arise from the loss of confidentiality, integrity, and availability or the processing of PII.
Trusted Providers of NIST RMF Services & Solutions
Arlington offers the following NIST RMF services & solutions to DoD and other federal contractors:
- Compliance Reporting for FedRAMP, FISMA, eMASS, CMMC, 800-171, ITAR/EAR, and more.
- Scoping & Gap Assessments
- Policies & Procedures Development
- Program Documentation Development
- System Security Plans (SSP)
- Security Assessment Reports (SAR)
- Remediation Assistance
- ATO Assistance
100+ NIST 800-53 Templates Available for Download for Federal Contractors
The solution for federal contractors is the Arlington Security Portal (ASP), an online repository of world-class, industry-leading security and privacy policies & procedures, programs, plans – and other highly essential documents & templates developed specifically on NIST SP 800-53, Revision 5.
About Arlington
We are Arlington, a team of innovative, solution-oriented, highly agile, and well-versed professionals with decades of experience in working with America’s defense industry. From emerging cybersecurity regulations to helping our clients solve complex security & compliance challenges – and so much more – you can trust Arlington, the firm that’s Dedicated to Defense®. Learn more at arlingtonintel.com.