NIST 800-53 Assessment and Framework Updates

By Mid December 2024, Apptega will be putting out our most recent updates of the NIST 800-53 Assessment and Framework products. Below are the updates that will be provided and includes the reasoning for such updates. 

NIST 800-53 Assessments 

The NIST 800-53 assessment does not have a pre-made assessment from NIST. With this limitation, Apptega uses a process of reviewing the controls and converting each control to a manageable question for compliance. This question is a guideline for the control and may not include all elements of the requirement. This process is conducted for all controls with the goal of creating questions that most closely align with the control requirements. These questions may not cover all requirements for every company. As such, our suggestion is to use the assessment as a baseline and also refer to the actual control statements to ensure you are covering all requirements of the control for your environment. 

1. The assessments for all baselines will be updated to include the following: 
   1. Updates to correct grammatical errors. 
   2. Updates to ensure the correct number of questions in each baseline (if needed). 

The NIST 800-53 framework will be updated to add a level of depth to the control areas. All control areas will have any sub controls nested within the main control. Additionally: 

1. The framework for all baselines will be updated to include the following: 
   1. Updates to correct grammatical errors. 
   2. Updates to ensure the correct number of controls in each baseline (If needed).