ServerVault Service/Compliance Map for NIST 800-53

As federal agency program officers, system owners and IT managers are well aware, federal applications must comply with two standards: Federal Information Processing Standard (FIPS) 199 and FIPS 200, which require risk assessment and selection of appropriate security controls for all federal applications. This compliance cannot be waived and must be completely documented by March 2007 for all agency applications.

In particular, the FIPS 199 standard states that agencies must perform an assessment of the confidentiality, integrity, and availability needs of their applications, and then set the resulting risk level (low, moderate, or high) for each application. FIPS 200 requires that agencies select appropriate security controls, document those controls, and validate that those controls are in place. The set of security controls that are recommended are documented in NIST publications 800-53, and the security review process is in 800-26.

Many of the security controls that must be implemented impact existing data center design and operations in a significant manner, either in requiring documentation of policies and practices or extensive modifications to the physical data center environment.

Over the past years, ServerVault has oriented our delivery model to specifically address FISMA and other government standards.

Click here to receive a copy of the ServerVault Service/Compliance Map for NIST 800-53?