NIST 800-53 Implementation

old.reddit.com / @/u/Helontir, https://old.reddit.com/user/Helontir

Hello everyone,

I have just implemented NIST 800-53 for my employer in Germany. In other words, I have written a large catalog of safety measures (>400 controls) based on NIST 800-53.

We are now planning to inventory all IT systems and assign a subset of relevant safety measures to each IT system.

My problem is that I don't want to assign controls individually for a large number of IT systems and applications.

Hence my question:

Is there a methodology from NIST on how to assign controls from NIST 800-53 to categories of IT systems or applications? For example, is there a template stating that certain control families are relevant for web servers?

Thanks in advance!

submitted by /u/Helontir

published 3 months ago



