NIST SP 800-53 provides a catalog of controls that support the development of secure and resilient information systems. These controls are used by information systems to maintain the integrity, confidentiality, and security of information systems.
|AC - Access Control ||A method of guaranteeing that users are who they say they are and that they have the appropriate access to company data.|
|AU-Audit and Accountability||This control ensures that sufficient controls are in place to provide auditable evidence for system transactions and key records for a sufficient amount of time.|
|CM - Configuration Management||A systems engineering process for establishing and maintaining consistency of a product's performance, functional, and physical attributes with its requirements, design, and operational information throughout its life.|
|CP - Contingency Planning||A course of action designed to help an organization respond effectively to a significant future event or situation that may or may not happen.|
|IA - Identification and Authentication||Identify and authenticate access to system components.|
|IR - Incident Response||An organized approach to addressing and managing the aftermath of a security breach or cyberattack. The goal is to handle the situation in a way that limits damage and reduces recovery time and costs.|
|MP - Media Protection||Data in use, stored, and data-in-transit should be protected in a way that maintains confidentiality and integrity during authorized use.|
|PL - Planning||Specifies the approach, responsibilities, and resources applied to managing protective security risks.|
|PM - Program Management||This control ensures that processes and procedures are performed with organization's information security and standards.|
|RA - Risk Assessment||A systematic process of identifying hazards and evaluating any associated risks within a workplace, then implementing reasonable control measures to remove or reduce them.|
|CA - Security Assessment and Authorization||Implement controls that evaluate management, operational, technical and privacy controls to ensure they are implemented properly and operating effectively.|
|SC - System and Communications Protection||establishes the rules necessary to properly establish network segmentation and boundary protection thought the organization, as well as establishing the necessary rules around how cryptography will be implemented. Additionally, this policy establishes rules around allowed communication methods and mechanisms to ensure that the authenticity of those methods is maintained.|
|SI - System and Information Integrity||To establish policy for developing and maintaining a Systems & Information Integrity program to ensure compliance with minimally acceptable system configuration requirements.|
|SA - System and Services Acquisition||The purpose of this policy is to define information security controls around system and service acquisition.|
To View the Compliance Programs available visit Compliance in your Aqua CSPM Console, and select Defaults or Custom to filter the programs displayed, you can also expand the program control details using the Expand Settings toggle.