What is NIST? | Overview Cyber Security NIST compliance for small business using DISA STIGS
Author: ProfessorBlackOps - CyberSecurity for the people
Uploaded: 2020-10-02
Views: 383
Description:
Overview Cyber Security NIST compliance for small business using DISA STIGS. A notional AWS technology stack. Cyber Security for the people | Small Business
Modern information systems can include a variety of computing platforms (e.g., industrial
control systems, general purpose computing systems, cyber-physical systems, super computers,
weapons systems, communications systems, environmental control systems, medical devices,
embedded devices, sensors, and mobile devices such as smart phones and tablets). These
platforms all share a common foundation—computers with complex hardware, software and
firmware providing a capability that supports the essential mission and business functions of
organizations.
Security controls are the safeguards or countermeasures employed within a system or an
organization to protect the confidentiality, integrity, and availability of the system and its
information and to manage information security risk. Privacy controls are the administrative,
technical, and physical safeguards employed within a system or an organization to manage
privacy risks and to ensure compliance with applicable privacy requirements. Security and
privacy controls are selected and implemented to satisfy security and privacy requirements
levied on a system or organization. Security and privacy requirements are derived from
applicable laws, executive orders, directives, regulations, policies, standards, and mission needs
to ensure the confidentiality, integrity, and availability of information processed, stored, or
transmitted and to manage risks to individual privacy.
The selection, design, and implementation of security and privacy controls are important tasks
that have significant implications for the operations and assets of organizations as well as the
welfare of individuals and the Nation. Organizations should answer several key questions when
addressing information security and privacy controls:
• What security and privacy controls are needed to satisfy security and privacy requirements
and to adequately manage mission/business risks or risks to individuals?
• Have the selected controls been implemented or is there a plan in place to do so?
• What is the required level of assurance (i.e., grounds for confidence) that the selected
controls, as designed and implemented, are effective?