At Twistlock, we frequently work with federal agencies and leading enterprises about how the Twistlock Platform can better help them manage compliance across the application lifecycle by, integrating during the image build process, continuously monitoring the registry, and monitoring containers at runtime.
The value of NIST SP 800-53
NIST SP 800-53 is a collection of security controls and assessment procedures that both U.S. Federal and non-governmental organizations can apply to their information systems, policies, and procedures. Based upon the environment’s assessed impact level, prescribed controls can and should be implemented to protect the integrity of the organization’s information systems. The goal is to protect organizational operations, assets, and individuals from a diverse set of threats including: hostile cyber attacks, natural disasters, structural failures, and human errors.
Twistlock CTO John Morello was a contributing author a related special publication title NIST SP 800-190, Application Container Security Guide. This Special Publication is technology agnostic and focuses on developing an organization’s mindset for the implementation microservices. Importantly, NIST SP 800-190’s Appendix B is a mapping of the publication’s recommended controls to the SP 800-53 security controls.
Customers frequently ask us how does Twistlock maps to NIST SP 800-53. As a result, we are officially sharing the Twistlock mappings for this special publication. You are welcome to download the document and learn more about:
- Key considerations for access control to ensure proper authentication and account management
- Proper auditing and compliance using Twistlock pre-built compliance templates, Compliance Explorer, and syslog integration
- How Twistlock provides satisfactory security assessments
- And more including identification and authentication, risk assessment, and system and communication protection.
In additional to the NIST SP 800-53 mappings, we also have a companion guide for NIST SP 800-190 to help you better understand takeaways and benefits. If you have any additional questions on leveraging this document or applying security controls within the federal space, do not hesitate to get in touch.
Follow us on Twitter
Follow us on Twitter for real time updates on the cloud native ecosystem, Twistlock product, and cloud native security threats.
AWS Fargate Security: Runtime Defense with Twistlock 2.5Read the Blog
Cloud Native Forensics: Security Incident Response in Twistlock 2.5Read the Blog
Announcing Twistlock 2.5: GA Release NotesRead the Blog
GitOps 101: What Is GitOps, and Why Would You Use It?Read the Blog
DevSecOps Learning Resources: How to Learn to Do DevSecOpsRead the Blog