Addressing NIST SP 800-53: “Recommended Security Controls” with Core Security Solutions
NIST Special Publication (SP) 800-53 exists to “help ensure that appropriate security requirements and security controls are applied to all federal information and information systems.” Practically speaking, it is a guide to help government organizations prepare for and pass IT security audits performed under the Federal Information Security Management Act (FISMA).
SP 800-53 recommends a set of security controls that represents IT security best practices endorsed by the U.S. Department of Defense, Intelligence Community and Civil agencies to produce “the most broad-based and comprehensive set of safeguards and countermeasures ever developed for information systems.”
In revision 3 of the guideline, NIST further incorporated penetration testing as a key security control, stating it should be used to “improve the readiness of the organization [and] to improve the security state of the system and organization.” CORE INSIGHT Enterprise and CORE IMPACT Pro offer powerful, automated penetration testing capabilities for government red teams and security organizations.
How Core Security Solutions Help
Using Core Security’s test and measurement solutions, CORE INSIGHT Enterprise and CORE IMPACT Pro, security professionals proactively validate their security controls while revealing actual paths that attackers could take to expose critical assets.
CORE INSIGHT Enterprise continuously replicates threats while seeking to compromise defined business assets through web, network and client-side channels. CORE INSIGHT Enterprise helps security executives to benchmark and measure enterprise-wide security posture, verify actual business risks, and validate mandated security controls.
CORE IMPACT Pro replicates attacks across web applications, network systems, endpoints, email users, Wi-Fi networks, and network devices. Users have granular control over the largest library of commercial-grade exploits available, plus a full complement of pre- and post-exploitation capabilities.
- White Paper: Putting NIST Guidelines for Information Security Continuous Monitoring into Practice
This white paper discusses how security testing and measurement solutions from Core Security Technologies can help your agency adhere to NIST’s recommendations for Information Security Continuous Monitoring.