NIST 800-53 Compliance Solutions

NIST 800-53 Compliance Automation and Self-service Administration

Compliance alone does not ensure the real value an organization gains from NIST 800-53 compliance. Avatier Identity Management Software suite (AIMS) offers a holistic compliance management solution featuring IT automation coupled with self-service administration. AIMS automates FISMA and FIPS 200 compliance solutions to deliver a unified compliance management software solution.

NIST 800-53 Access Control (AC)

| Code | Title | AIMS | Description |
|------|-------|------|-------------|
| AC-1 | Access Control Policy | Identity Enforcer | Formalize procedures to facilitate the implementation of access control policies. |
| AC-2 | Account Management | Identity Enforcer | Manage system accounts, group memberships, privileges, workflow, notifications, deactivations, and authorizations. |
| AC-3 | Access Enforcement | Identity Enforcer | Enforce approved authorizations for access to systems in accordance with policy. |
| AC-4 | Information Flow Enforcement | Identity Enforcer | Enforce approved authorizations. Control information workflow between interconnected systems. |
| AC-5 | Separation of Duties | Identity Enforcer | Separate duties of individuals to prevent malevolent activity. Automate separation of duties and access authorizations. |
| AC-6 | Least Privilege | Identity Enforcer | Automate least privilege. Allow only authorized accesses for users and processes which are necessary. |
| AC-7 | Unsuccessful Login Attempts | Password Station | Enforce a limit of consecutive invalid login attempts by a user. |
| AC-8 | System Use Notification | Password Station | Display approved system use notification prior to login and where appropriate. |
| AC-9 | Logon (Access) Notification | Password Station | Notify users upon successful logon of the date and time of logon. |
| AC-10 | Concurrent Session Control | Identity Enforcer | Limit and define the number of concurrent sessions for each system account by account type, account or a combination. |
| AC-11 | Session Lock | Password Station | Prevent further access to systems. Initiate session lock after inactivity or upon receiving a request from a user. |
| AC-14 | Actions without Authentication | Identity Enforcer | Identify specific user actions that can be performed on an information system without identification and authentication. |
| AC-16 | Security Attributes | Identity Enforcer | Support and maintain the binding of security attributes to information in storage, in process, and in transition. |
| AC-17 | Remote Access | Identity Enforcer | Authorize remote access systems prior to connection. Enforce remote connection requirements to information systems. |
| AC-18 | Wireless Access | Identity Enforcer | Authorize wireless access to systems prior to connection. Enforce wireless requirements for connecting to systems. |
| AC-19 | Mobile Device Access Control | Identity Enforcer | Authorize mobile device access to system prior to connection. Enforce mobile device system connection requirements. |
| AC-20 | External Information Systems | Password Station | Access information systems from external systems. Process, store and transmit information using external systems. |
| AC-21 | User Collaboration and Information Sharing | Group Requester | Facilitate information sharing. Enable authorized users to grant access to partners. |
| AC-22 | Publicly Accessible Content | Identity Enforcer | Designate individuals authorized to post information onto an organization's information system that is publicly accessible. |

NIST 800-53 Audit and Accountability (AU)

| Code | Title | AIMS | Description |
|------|-------|------|-------------|
| AU-1 | Audit Accountability Procedures | Compliance Auditor | Automate audit and accountability policy and procedures that address purpose, scope, roles, responsibilities, management, coordination and compliance. |
| AU-2 | Auditable Events | Compliance Auditor | Automate security audit function with other organizational entities. Enable mutual support of audit of auditable events. |
| AU-3 | Content of Audit Records | Identity Enforcer | Produce audit records that report what event occurred, when, where, the source, the outcome, and the identity. |
| AU-4 | Audit Storage Capacity | Compliance Auditor | Allocate audit record storage capacity and configure auditing to reduce the likelihood of such capacity being exceeded. |
| AU-5 | Response to Audit Processing Failures | Compliance Auditor | Alert designated organizational officials in the event of an audit processing failure and take appropriate action. |
| AU-6 | Audit, Review, Analysis and Reporting | Compliance Auditor | Integrate audit review, analysis, and reporting with processes for investigation and response to suspicious activities. |
| AU-7 | Audit Reduction and Report Generation | Compliance Auditor | Support for real-time audit review, analysis, and reporting requirements without altering original audit records. |
| AU-8 | Time Stamps | Identity Enforcer | Use internal system clocks to generate time stamps for audit records. |
| AU-9 | Protection of Audit Information | Compliance Auditor | Protect audit information and tools from unauthorized access, modification and deletion. |
| AU-10 | Non-Repudiation | Compliance Auditor | Protect against an individual falsely denying having performed an action. |
| AU-11 | Audit Record Retention | Compliance Auditor | Retain audit records for security investigations. Meet regulatory and organizational data retention requirements. |
| AU-12 | Audit Generation | Compliance Auditor | Audit events defined in AU-2. Allow trusted personnel to select which events to audit. Generate audit records for events. |
| AU-14 | Session Audit | Identity Enforcer | Capture, record and log user sessions. Remotely view all content related to a user session that starts at system start-up. |

NIST 800-53 Security Assessment and Authorization (CA)

| Code | Title | AIMS | Description |
|------|-------|------|-------------|
| CA-1 | Security Assessment and Authorization | Identity Analyzer | Formalize security assessment. Implement security assessments of authorization policies and internal controls. |
| CA-2 | Security Assessments | Identity Analyzer | Assess security controls to determine effectiveness and produce security reports, documentation, and graphs. |
| CA-5 | Plan of Action Milestones | Identity Analyzer | Determine actions and milestones as part of a security assessment to reduce or eliminate system vulnerabilities. |
| CA-6 | Security Authorization | Identity Enforcer | Assign authorizing roles in systems and workflow for processing authorizations before commencing operations. |
| CA-7 | Continuous Monitoring | Identity Analyzer | Continuously monitor configuration management processes. Determine security impact, environment and operational risks. |

NIST 800-53 Identification and Authentication (IA)

| Code | Title | AIMS | Description |
|------|-------|------|-------------|
| IA-1 | Identification and Authentication | Identity Enforcer | Automate identity and authentication policies. Coordinate organizational entities. Streamline compliance operations. |
| IA-2 | Identification and Authentication (Org) | Identity Enforcer | Identify and authenticate organization users and processes. |
| IA-4 | Identifier Management | Identity Enforcer | Manage information system identifiers for users and devices. Automate authorizing and disabling users to prevent misuse. |
| IA-5 | Authentication Management | Identity Enforcer | Authenticate users and devices. Automate administrative control. Enforce restrictions. Protect against unauthorized use. |
| IA-6 | Authentication Feedback | Password Station | Obscure authentication feedback during authentication process. Protect authentication information from exploitation. |
| IA-7 | Cryptographic Module Authentication | Identity Enforcer | Authentication to a cryptographic module that meets applicable legal requirements. |
| IA-8 | Identification and Authentication (Non-Org) | Identity Enforcer | Identify and authenticate non-organizational users and processes. |

NIST 800-53 Risk Assessment (RA)

| Code | Title | AIMS | Description |
|------|-------|------|-------------|
| RA-1 | Risk Assessment Policy and Procedures | Balanced Scorecard | Track risk assessment policies that address purpose, scope, roles, management, and organizational compliance. |
| RA-2 | Security Categorization | Balanced Scorecard | Categorize information and system in accordance with applicable laws, Executive Orders, regulations and standards. |
| RA-3 | Risk Assessment | Balanced Scorecard | Assess risks and magnitude of unauthorized system access, use, disclosure, disruption, modifications, or destruction. |
| RA-5 | Vulnerability Scanning | Identity Analyzer | Scan for system vulnerabilities. Share vulnerability information and security controls that eliminate vulnerabilities. |