NIST 800-53

Summary

NIST SP 800-53 defines the standards and guidelines for federal agencies to architect and manage their information security systems. It was established to provide guidance for the protection of agency's and citizen's private data. The version used for this section is NIST 800-53, Rev. 5, September 2020.

Definitions

Definition	Requirements
NIST80053-AC-2_2. Removal of temporary or emergency accounts	023. Terminate inactive user sessions 027. Allow session lockout
NIST80053-AC-2_3. Disable accounts	144. Remove inactive accounts periodically
NIST80053-AC-2_4. Automated audit actions	301. Notify configuration changes
NIST80053-AC-2_6. Dynamic privilege management	095. Define users with privileges 096. Set user's required privileges
NIST80053-AC-2_7a. Establish and administer privileged user accounts	095. Define users with privileges 096. Set user's required privileges
NIST80053-AC-2_7b. Monitor privileged role or attribute assignments	095. Define users with privileges 096. Set user's required privileges
NIST80053-AC-2_7c. Monitor changes to roles or attributes	095. Define users with privileges 096. Set user's required privileges
NIST80053-AC-2_10. Shared and group account credential change	144. Remove inactive accounts periodically
NIST80053-AC-2_13. Disable accounts for high-risk individuals	144. Remove inactive accounts periodically 027. Allow session lockout
NIST80053-AC-6. Least privilege	186. Use the principle of least privilege
NIST80053-AC-12. Session termination	369. Set a maximum lifetime in sessions 023. Terminate inactive user sessions
NIST80053-AC-18_5. Antennas and transmission power levels	249. Locate access points
NIST80053-IA-1. Policy and procedures	229. Request access credentials
NIST80053-IA-2. Identification and authentication (organizational users)	121. Guarantee uniqueness of emails 229. Request access credentials 257. Access based on user credentials 265. Restrict access to critical processes
NIST80053-IA-7. Cryptographic module authentication	147. Use pre-existent mechanisms 224. Use secure cryptographic mechanisms
NIST80053-PL-4_1. Social media and external site/applications usage restrictions	260. Use alternative emails
NIST80053-SC-3. Security function isolation	235. Define credential interface

Last updated

2023/09/18