NIST 800-53


The following briefly describes a law, regulation or best practice and highlights aspects that apply to application security. This page also describes how HP Application Security Center software can help you comply. Given the changing nature of laws, rules and regulations, please check the latest information from the sponsoring organization.


Legislative summary
The United States Congress passed the E-Government Act of 2002 in recognition of the importance of information security to the economic and national security interests of the United States. Title III of the act, entitled the Federal Information Security Management Act (FISMA), tasked the National Institute of Standards and Technology (NIST) with developing standards and guidelines to be used by all U.S. federal government agencies in implementing adequate information security as part of their information systems. There are three security objectives for information systems: confidentiality, integrity and availability. The purpose of the act is to:

  • Provide a comprehensive framework for ensuring the effectiveness of information security controls over information resources that support federal operations and assets
  • Provide effective government-wide management and oversight of the related information security risks, including coordination of information security efforts throughout the civilian, national security and law enforcement communities
  • Provide for development and maintenance of minimum controls required to protect federal information and information systems
  • Provide a mechanism for improved oversight of federal agency information security programs
  • Acknowledge that commercially developed information security products offer advanced, dynamic, robust and effective information security solutions, reflecting market solutions for the protection of critical information infrastructures important to the national defense and economic security of the nation that are designed, built and operated by the private sector

Each of the following FISMA sections requires that agency applications be protected against unauthorized access, use, disclosure, disruption, modification or destruction of information and that applications must be able to ensure the integrity, confidentiality, authenticity, availability and non-repudiation of information and information systems:

  • FISMA Sec. 3544(a)(1)(A)(i)
  • FISMA Sec. 3547
  • FISMA Sec. 3544(a)(1)(A)(ii)

As part of its work to develop the requisite standards and guidelines for agencies to comply with these information system protection requirements under FISMA, NIST produced “Special Publication 800-53 - Recommended Security Controls for Federal Information Systems,” which outlines the security protections that should be put in place in federal information systems. Failure to comply with the controls in this NIST recommendation may constitute failure to comply with the FISMA requirements for information system protection.

HP Application Security Center capabilities

  • Verify that web application access to sensitive information is controlled by authentication and authorization
  • Assess your web applications for vulnerabilities that may result in the disclosure of sensitive or private information
  • Check for vulnerability to denial of service attacks
  • Check that data communication is encrypted
  • Verify that web application inputs are properly validated and not vulnerable to command injection or cross-site scripting attacks
  • Check for improper application error handling
  • Get detailed security assessment reports categorized by FISMA sections

PLEASE NOTE: This information is provided for informational purposes only. You should not rely on, take or fail to take any action based upon the enclosed information. The information on this Site is provided with the understanding that the authors and publishers are not herein engaged in rendering legal, accounting, tax, or other professional advice and services. As such, it should not be used as a substitute for consultation with professional accounting, tax, legal or other competent advisers. Future legislative amendments and/or your company's special circumstances may necessitate significant revisions to this information. Given the changing nature of laws, rules and regulations, and the inherent hazards of electronic communication, there may be delays, omissions or inaccuracies in information contained in this site and in HP software.
© 2009 Hewlett-Packard Development Company, L.P.