NIST SP800-53 Compliance Evaluation #42

Open
cjbuchanan opened this issue Jan 22, 2021 · 2 comments

@cjbuchanan

From Issue #36.

Federal systems, and federally funded state systems, must demonstrate FISMA compliance using the NIST SP800-53 guidelines according to Federal Information Processing Standards (FIPS) 199 Moderate level of impact to comply with the Health Information Portability and Accountability Act (HIPAA).

https://www.insidegovernmentcontracts.com/2014/12/fisma-updated-and-modernized/

@pradeepBoston

Payload is not encrypted. It is raw BLOB data. It is not compliant with NIST SP800-53 guidelines, as the payload must be encrypted with signatures which are exchanged to validate.

@infopowerbroker

To clarify, which version of NIST 800-53 are you looking at (v5 or v4) and which controls (and control enhancements) are being referenced? Also, what is the scope or 'system boundary' that is being included in this question?

Compliance is broad brush, so specifics are helpful to nail down the necessary protections vs tradeoffs to promote the system boundary's overall confidentiality, integrity, and availability.
