NIST 800-53 (Rev. 5) Low-Moderate-High - AWS Audit Manager

NIST 800-53 (Rev. 5) Low-Moderate-High

AWS Audit Manager provides a prebuilt framework that structures and automates assessments for the NIST 800-53 compliance standard based on AWS best practices.


What is NIST 800-53?

The National Institute of Standards and Technology (NIST) was founded in 1901 and is now part of the U.S. Department of Commerce. NIST is one of the oldest physical science laboratories in the United States. The U.S. Congress established the agency to remove a major challenge to US industrial competitiveness at the time—a second-rate measurement infrastructure that lagged behind the capabilities of the United Kingdom, Germany, and other economic powers.

The NIST 800-53 security controls are generally applicable to U.S. federal information systems. These are typically systems that must go through a formal assessment and authorization process. This process ensures sufficient protection of confidentiality, integrity, and availability of information and information systems, based on the security category and impact level of the system (low, moderate, or high), and a risk determination. Security controls are selected from the NIST SP 800-53 security control catalog, and the system is assessed against those security control requirements.

Use AWS Audit Manager to support your NIST audit preparation

You can use the NIST 800-53 (Rev. 5) Low-Moderate-High framework in AWS Audit Manager to prepare for NIST audits. The framework contains 225 automated controls and 782 manual controls. The controls in this framework aren't intended to verify whether your systems are compliant with the NIST standard. Moreover, they can't guarantee that you will pass a NIST assessment. AWS Audit Manager doesn't automatically check procedural controls that require manual evidence collection.

The NIST 800-53 (Rev. 5) Low-Moderate-High framework represents the security controls and the associated assessment procedures that are defined in NIST SP 800-53 Revision 5 Recommended Security Controls for Federal Information Systems and Organizations. For any discrepancies that are noted in the content between this NIST SP 800-53 framework and the latest published NIST Special Publication SP 800-53 Revision 5, refer to the official published documents that are available at the NIST Computer Security Resource Center.

You can find the NIST 800-53 (Rev. 5) Low-Moderate-High framework under the Standard frameworks tab of the Framework library in Audit Manager.

For instructions on how to create an assessment using this framework, see Creating an assessment. For instructions on how to customize this framework to support your specific requirements, see Customizing an existing framework and Customizing an existing control.