Ensuring NIST SP 800-53/800-53A Compliance with CORE IMPACT Penetration Testing
The NIST Special Publication (SP) 800 documents establish penetration testing as the preferred method for auditing security controls under the Federal Information Systems Management Act (FISMA), with which all federal agencies must comply. With this requirement, NIST has recommended that all such organizations proactively test their network and IT defense mechanisms using assessment techniques that simulate the actions of real-world attacks. The details of NIST Special Publication 800-53 (“Recommended Security Controls for Federal Information Systems and Organizations”) and 800-53A (“Guide for Assessing Security Controls in Federal Information Systems and Organizations”) specifically demand penetration testing that goes beyond the use of scanners to exploit vulnerabilities and demonstrate how security controls have been tested against the same types of multi-staged attacks that are being aimed at their assets on a daily basis.
Using CORE IMPACT is the most effective way to test security defenses and demonstrate the required level of adherence to FISMA and the NIST SP 800 documents. By acquiring the ability to carry out regular, controlled and safe exploit simulations against a wide range of vectors (including networks, endpoints, web applications, end users, and wireless networks), federal agencies will be able to provide explicit proof of their compliance, along with associated documentation, to GAO auditors as they carry out their annual e-security assessments.
Please review the resources below for more information about security testing and NIST SP 800-53/800-53A compliance:
Related information from Core Security
- Press Release: Core Security Endorses New Federal Information Security Guidelines
- Ensuring NIST 800-53 Compliance with CORE IMPACT
- White Paper: CORE IMPACT Pro and FISMA/NIST Compliance
- White Paper: CORE IMPACT Penetration Testing and the Consensus Audit Guidelines
- On-Demand Webcast: “Aligning Your Agency with FISMA and NIST via Proactive Security Testing”
Join IT security and compliance expert Mike Rothman, chief analyst at Security Incite, for a discussion of the implications of NIST 800-53A and the larger benefits of proactive security testing.
- CORE IMPACT Product Overview
Get a high-level overview of CORE IMPACT and its revolutionary Rapid Penetration Test (RPT) methodology, which allows you to quickly test your agency’s compliance with the required controls assessment outlined in NIST Special Publication 800-53A.
- FISMA-Compliant Security Testing Reports
Visit this page for examples of CORE IMPACT’s reporting capabilities. IMPACT provides detailed audit trails of all tests performed, giving you the information you need to validate that FISMA-mandated security measures are in place and working effectively.
Related information from NIST

