Federal agencies are required by law to comply with the Federal Information Security Management Act (FISMA), which references the NIST SP 800-53 Recommendations. The long-awaited Revision 4 represents the first major review of the Recommendations in almost four years. These changes have important ramifications for agencies that need to be FISMA compliant.
A primary driver for updating the NIST Recommendations was to help organizations confront advanced persistent threats (APTs). Many controls and control enhancements were added to address APTs, including increased requirements for securing privileged accounts.
Privileged accounts are specifically targeted by APTs because they enable broad access to critical assets. When a privileged account is compromised, the attacker can gain access to a vast amount of data, and their activity can be extremely hard to detect. The release of Revision 4 will prompt many agencies to focus on improving the security of privileged accounts.
This white paper provides an overview of:
- How to confront advanced threats;
- How to address NIST SP 800-53 Recommendations;
- A privileged account security solution.