NIST SP 800-53
Use federal standards to secure your organization
Evolve your security and privacy program
The NIST SP 800-53 framework is mandatory for federal systems of the United States and is often adapted and applied by private organizations. Because NIST SP 800-53 requires many controls, knowing where to start can be daunting. Our consultants have deep experience with NIST 800-53 and can help scope, design, implement, document, and assess your NIST SP 800-53 program. From scoping to reviewing, TrustedSec can help organizations at any point in their compliance journey.
- Scope - Set your program up for success by ensuring proper scoping and baselines for your information assets and systems.
- Implement - Design and tailor your program to ensure applicability and effectiveness.
- Document - Build all of the documents you'll need to run and attest to your security program.
- Review - Assess the effectiveness of your security program by identifying all barriers to full compliance. Recommendations detail ways to meet the intent of identified gaps.
“Weaving risk, group theory, and adaptation with business strategy is one way we stand out.”Rockie BrockwayDirector of Advisory Innovations
Rockie Brockway
Director of Advisory InnovationsRockie's focus is on helping organizations strengthen their security posture by better aligning security with business needs and requirements.
Empower your business through better security design.
Talk directly with our experienced advisory consultants to learn how we can help.
Read our blog
Explore trending cybersecurity topics on the TrustedSec Security Blog
Hack-cessibility: When DLL Hijacks Meet Windows Helpers
In preparation for a talk, Jason Lang (@curi0usJack) and I were doing at MCTTP about mining TTPs from VX-underground, we both ended up doing research based on…
Detecting Password-Spraying in Entra ID Using a Honeypot Account
Password-spraying is a popular technique which involves guessing passwords to gain control of accounts. This automated password-guessing is performed against…
There's More than One Way to Trigger a Windows Service
Service triggers can be a pentester’s secret weapon, letting low-priv users quietly fire up powerful services like Remote Registry and EFS. Learn how they can…
Skimming Credentials with Azure's Front Door WAF
Your Web Application Firewall (WAF) sees EVERYTHING. In this blog, we demonstrate how an attacker with access to Azure Front Door’s WAF and Log Analytics can…
PCI P2PE vs. E2EE – Scoping it Out
If your payment processor says they use “End-to-End Encryption” your PCI DSS compliance scope may be bigger than you expect. In this blog, we break down how…
HIPAA Applicability - Understanding the Security, Breach Notification, and Privacy Rules
In this blog, we explain how HIPAA’s Privacy, Security, Breach Notification, and Administrative Rules apply while clearing up common misunderstandings about…
CMMC NOPE: Why You Don’t Need to be CMMC Compliant
As a Cybersecurity Maturity Model Certification Registered Practitioner Organization (CMMC-RPO), TrustedSec fields many requests from organizations looking for…
HIPAA Business Associates - What’s Your Function?
Many teams working with health care providers receive requests to sign a Business Associate Agreement. In this blog, we break down HIPAA’s definition of a…
HIPAA Covered Entities - It’s More Than Just PHI
Handling health records doesn’t automatically make an organization a Covered Entity. In this blog, we help clear up common misconceptions so teams can better…
WSUS Is SUS: NTLM Relay Attacks in Plain Sight
Windows Server Update Services (WSUS) is a trusted cornerstone of patch management in many environments, but its reliance on HTTP/HTTPS traffic makes it a…