Creating NIST SP 800-53 reports

The National Institute of Standards and Technology’s (NIST) Special Publication 800-53 comprises operational, technical, and management security controls that are designed to secure and enhance the resilience of US government networks and federal IT systems. Titania Nipper can automate the compliance assessment of up to 49 of the NIST SP 800-53 controls and control enhancements, related to devices, across the following 8 control families:

  • Access Control (AC)

  • Audit & Accountability (AU)

  • Configuration Management (CM)

  • Contingency Planning (CP)

  • Identification & Authentication (IA)

  • Maintenance (MA)

  • System & Communications Protection (SC)

  • System & Information Integrity (SI)

For further information on the NIST SP 800-53 Titania mapping, see the guide https://www.titania.com/resources/compliance/nist-800-53-mapping-document

Note: The NIST SP 800-53 report is available as part of the Nipper Compliance suite of reports. For more information, contact your Solutions Advisor, or sales@titania.com.

The report provides a risk based evidentiary Pass and Fail assessment, mapped to STIGs, based on the CCI references. Findings shown within the report are based on the STIG risk-based categorization of CAT I, CAT II and CAT III and sorted by severity, allowing you to focus on the most critical vulnerabilities first.

Creating the NIST SP 800-53 Report

  1. To begin, go to File, New Report.

  2. Add one or more devices to the audit using Config File, Config Dir, Remote Device or Remote List methods.

  3. On the Reporting Options screen, select the NIST 800-53 report check box. If this is not available, your active license does not support the NIST SP 800-53 feature.

  4. On the Report Comparison screen, if you wish to perform a comparison with a previously generated report, select the report here.

  5. Begin the report generation by pressing the Next button.

  6. After a short time generating, your report is then available.

 

Viewing the NIST 800-53 report

The NIST 800-53 report will be displayed in HTML format by default, within the Nipper report Browser. From here, you can scroll through the report, navigate to key sections via the navigation window shown to the right of the screen and search for key text or phrases within the report. You also have the option to save the report in several formats.