6. What are the NIST SP 800 series publications and do you have information security policy and procedure documents that are aligned with NIST for helping with FISMA compliance?

The NIST SP 800 documents are a series of publications put forth by the National Institute of Standards and Technology (NIST), which is a non-regulatory agency of the United States Department of Commerce. The SP 800 series was established in 1990 and has grown quite a bit since then, encompassing a large, in-depth, and ever-growing set of computer security documents seen by many as industry leading. Additionally, the NIST SP 800 documents have been well-known to many professionals within the field of information technology - particularly that of information security - as they gained additional recognition with the Federal Information Security Management Act of 2002, known as FISMA.

FISMA essentially established a cohesive set of information security guidelines for federal agencies and all other related parties, for which the NIST SP 800 series of publications were to be used (and still are) as part of FISMA compliance. Because many federal agencies outsource to the private sector, this in turn required that numerous contractors, subcontractors, and other affiliates were now being held to the very same FISMA standards as these agencies. Scores of private companies are now using the NIST SP 800 series of publications - as are many federal agencies - for establishing and maintaining best practices regarding information security.

NIST SP 800 Publications | NIST 800-53

One of the most popular and well-known of all the NIST SP 800 publications is NIST SP 800-53, "Recommended Security Controls for Federal Information Systems and Organizations" (and subsequent versions thereof). It's often used as the basis for establishing an information security framework within organizations, with many of the other SP 800 documents used for certain areas within information security itself. All of the SP 800 publications are extremely comprehensive and detailed, providing up-to-date and relevant information on a given subject matter.

FISMA Compliance & NIST SP 800 Publications

If your organization is a contractor or subcontractor with any of the United States federal agencies, you'll no doubt have an explicit requirement for being in compliance with FISMA, which in turn means adopting the various SP 800 publications for helping you establish and maintain a comprehensive information security framework. Compliance with FISMA is not a simple "check-the-box" exercise; rather, it takes a disciplined approach that can take considerable time and resources, and that's where the FLANK21 set of operational and security documents from FLANK can help. Not only are many of the provisions within our documents developed in accordance with NIST mandates, they also include numerous other highly-needed forms, checklists, templates, and provisioning and hardening documents for helping organizations actually establish and maintain a "real" information security framework.

Additionally, learn more about our NIST and FISMA compliance services.

To learn more about NIST and the complete list of NIST SP 800 documents, please visit http://csrc.nist.gov/publications/PubsSPs.html