WISP | NIST 800-53 (high) Policies & Standards





NIST 800-53 HIGH

The NIST SP 800-53 rev5 Low, Moderate & High Baseline-based Written Information Security Program (WISP-LMH) is our latest set of NIST-based cyber security policies and standards that are based on NIST SP 800-53 Rev5. This WISP is a comprehensive, editable, easily implemented document that contains the policies, control objectives, standards, and guidelines.

Based on the topics it covers, NIST SP 800-53 is on the more robust side of the spectrum. NIST SP 800-53 rev5 consists of 20 different families of cyber security and privacy controls.

aNetworks provides professionally written policies, procedures, standards, and guidelines at a very affordable cost. All information security policies and standards are backed up by documented industry-leading practices. It's a fraction of the cost of writing one yourself or hiring an outside consultant to write one for you.

The NIST SP 800-53 R5 WISP-LMH has complete coverage for these core frameworks: 

  • NIST SP 800-53 R5 (low, moderate, high & privacy baselines – as defined in NIST SP 800-53B)  
  • Federal Risk and Authorization Management Program (FedRAMP) (low, moderate, high & Li-SaaS baselines)
  • Federal Acquisition Regulation (FAR) 52.204-21 (cybersecurity requirements)
  • DoD Cybersecurity Maturity Model Certification (CMMC) v1.02 (Maturity Levels 1, 2, 3 & 4 practices)
  • NIST SP 800-171 R2 (CUI & NFO controls)
  • NIST SP 800-172 (controls to protect against Advanced Persistent Threats (APTs))

The following leading practices are mapped to the corresponding NIST SP 800-53 rev5 WISP-LMH standards. This mapping is in the corresponding Excel spreadsheet that is included as part of your purchase:

  • AICPA Trust Services Criteria (TSC) (commonly referred to as SOC 2 controls)
  • CERT Resilience Management Model (CERT RMM) v1.2
  • Center for Internet Security Critical Security Controls (CIS CSC) v7.1 (commonly referred to as the SANS Top 20)
  • Fair & Accurate Credit Transactions Act (FACTA)
  • Generally Accepted Privacy Principles (GAPP)
  • Gramm-Leach-Bliley Act (GLBA)
  • Health Insurance Portability and Accountability Act (HIPAA)
  • ISO 27002:2013
  • IRS 1075
  • MA 201 CMR 17.00
  • North American Electric Reliability Corporation Critical Infrastructure Protection (NERC CIP)
  • National Industrial Security Program Operating Manual (NISPOM)
  • NIST Cybersecurity Framework (NIST CSF) v1.1
  • NY 23 NYCRR 500
  • Oregon Consumer Identity Theft Protection Act (OR 646A)
  • Payment Card Industry Data Security Standard (PCI DSS) v3.2.1
  • Secure Controls Framework (SCF)
  • UK Cyber Essentials

In addition to the NIST-based cyber security policies and standards, the NIST SP 800-53 R5 WISP-LMH includes the following supplemental documentation at no additional cost:

  • Excel spreadsheet that maps the standards to multiple statutory, regulatory, and contractual frameworks 
  • Customizable cybersecurity awareness training presentation in Microsoft PowerPoint for information security awareness training ($260 value)
  • Cyber Security awareness training form
  • Customizable Incident Response Plan (IRP) template
  • Business Impact Assessment (BIA) template
  • Business Continuity Plan (BCP) & Disaster Recovery (DR) template
  • Service provider indemnification & Non-Disclosure Agreement (NDA) template
  • User acknowledgment form
  • Change management request form
  • Risk assessment methodology template
  • Appointment orders for an Information Security Officer (ISO)

Our WISP-LMH organizes the families of NIST SP 800-53 R5 according to FIPS 199 Management, Operational & Technical categories:

  • Access Control (AC) policy
  • Assessment, Authorization & Monitoring (CA) policy
  • Audit & Accountability (AU) policy
  • Awareness & Training (AT) policy
  • Configuration Management (CM) policy
  • Contingency Planning (CP) policy
  • Identification & Authentication (IA) policy
  • Incident Response (IR) policy
  • Maintenance (MA) policy
  • Media Protection (MP) policy
  • Personally Identifiable Information (PII) Processing & Transparency (PT) policy
  • Personnel Security (PS) policy
  • Physical & Environmental Protection (PE) policy
  • Planning (PL) policy
  • Program Management (PM) policy
  • Risk Assessment (RA) policy
  • Supply Chain Risk Management (SR) policy
  • System & Communications Protection (SC) policy
  • System & Information Integrity (SI) policy
  • System & Services Acquisition (SA) policy

Benefits of a NIST 800-53 R5 HIGH WISP:

  • Decreased costs – less reactive IT support
  • Compliance coverage
  • Improved productivity – decreased distractions
  • Fewer virus & malware outbreaks – decreased downtime & expense
  • More efficient operations – better performing network & computers
  • Increased accountability of assets & resources
  • Educated & trained employees
  • Proper documentation to remove liability