As part of the Joint Task Force Transformation Initiative, the National Institute of Standards and Technology (NIST) revised its controls to include new security controls and enhancements addressing issues related to:

  • The range of advanced persistent threats
  • Insider threats
  • Application security
  • Mobile and cloud computing
  • Supply chain issues
  • Distributed systems

The NIST controls are categorized by baselines that cover a wide range of operational areas – technology, training, processes, reporting, and physical infrastructure. This paper covers the five controls that relate to cybersecurity technology and suggested use cases that specifically address privileged access management and vulnerability management.

NIST policies are divided into groups called Control Families. Each Control Family addresses how an organization can determine who should have access to information systems and how those privileges are granted, managed, reviewed, and revoked. Access controls address both the organization and the information system. Supplemental NIST guidance refers to the latest revision (revision 4) of the Security and Privacy Controls for Federal Information Systems and Organizations, Special Publication 800-53.

The purpose of this paper is to give an overview of the security and privacy control families in the latest SP 800-53 Rev. 4 publication and demonstrate how BeyondTrust solutions address 5 of the 14 control families. Since many of the controls are dependent on individual organizations’ policies, it is difficult to identify every possible use case. For more information on how our solutions can help your agency achieve its mission, please contact us to speak with an Account Executive.