WISP | NIST 800-53 (moderate) Policies & Standards

NIST 800-53 Rev5 Low & Moderate Baseline-Based Cyber Security Policies & Standards

The NIST 800-53 rev5 Low & Moderate Baseline-based Written Information Security Program (WISP-LM) is our leading set of NIST-based cyber security policies and standards. This is a comprehensive, editable, easily implemented document that contains the policies, control objectives, standards, and guidelines your company needs to secure data and meet compliance requirements.

At its core, this version of the NIST SP 800-53 R5 Written Information Security Program (WISP-LM) is designed to align with the “moderate baseline” controls from NIST SP 800-53 R5. The NIST SP 800-53 R5 WISP-LM provides complete coverage for these core frameworks:

  • NIST SP 800-53 R5 (low, moderate & privacy baselines – as defined in NIST SP 800-53B)
  • Federal Risk and Authorization Management Program (FedRAMP) (low, moderate, high & Li-SaaS baselines)
  • Federal Acquisition Regulation (FAR) 52.204-21 (cybersecurity requirements)
  • DoD Cybersecurity Maturity Model Certification (CMMC) v1.02 (Maturity Levels 1, 2, 3 & 4 practices)
  • NIST SP 800-171 R2 (CUI & NFO controls)

The following leading practices are mapped to the corresponding NIST SP 800-53 rev5 WISP-LM standards and included as part of your purchase:

  • AICPA Trust Services Criteria (TSC) (commonly referred to as SOC 2 controls)
  • CERT Resilience Management Model (CERT RMM) v1.2
  • Center for Internet Security Critical Security Controls (CIS CSC) v7.1 (commonly referred to as the SANS Top 20)
  • Fair & Accurate Credit Transactions Act (FACTA)
  • Generally Accepted Privacy Principles (GAPP)
  • Gramm-Leach-Bliley Act (GLBA)
  • Health Insurance Portability and Accountability Act (HIPAA)
  • ISO 27002:2013
  • IRS 1075
  • MA 201 CMR 17.00
  • North American Electric Reliability Corporation Critical Infrastructure Protection (NERC CIP)
  • National Industrial Security Program Operating Manual (NISPOM)
  • NIST Cybersecurity Framework (NIST CSF) v1.1
  • NIST SP 800-172 (controls to protect against Advanced Persistent Threats (APTs))
  • NY 23 NYCRR 500
  • Oregon Consumer Identity Theft Protection Act (OR 646A)
  • Payment Card Industry Data Security Standard (PCI DSS) v3.2.1
  • Secure Controls Framework (SCF)
  • UK Cyber Essentials

In addition to NIST-based Cyber Security Policies & Standards, the NIST SP 800-53 R5 WISP-LM comes with these supplemental cybersecurity resources

As an extra bonus, we include the following supplemental documentation at no additional cost:

  • Excel spreadsheet that maps the standards to multiple statutory, regulatory, and contractual frameworks
  • Customizable cyber security awareness training presentation in Microsoft PowerPoint for information security awareness training ($260 value)
  • Cybersecurity awareness training form
  • Customizable Incident Response Plan (IRP) template
  • Business Impact Assessment (BIA) template
  • Business Continuity Plan (BCP) & Disaster Recovery (DR) template
  • Service provider indemnification & Non-Disclosure Agreement (NDA) template
  • User acknowledgment form
  • Change management request form
  • Risk assessment methodology template
  • Appointment orders for an Information Security Officer (ISO)

The twenty (20) families of controls in NIST SP 800-53 R5 correspond to the twenty (20) policies in the Written Information Security Program (WISP). Because the standards in the WISP-LM map directly to the low, moderate and high controls in NIST SP 800-53 R5, the result is a comprehensive cyber security framework. To make the document easier for readers to navigate, the WISP-LM groups the NIST SP 800-53 R5 families according to the FIPS 199 Management, Operational & Technical categories:

  • Access Control (AC) policy
  • Assessment, Authorization & Monitoring (CA) policy
  • Audit & Accountability (AU) policy
  • Awareness & Training (AT) policy
  • Configuration Management (CM) policy
  • Contingency Planning (CP) policy
  • Identification & Authentication (IA) policy
  • Incident Response (IR) policy
  • Maintenance (MA) policy
  • Media Protection (MP) policy
  • Personally Identifiable Information (PII) Processing & Transparency (PT) policy
  • Personnel Security (PS) policy
  • Physical & Environmental Protection (PE) policy
  • Planning (PL) policy
  • Program Management (PM) policy
  • Risk Assessment (RA) policy
  • Supply Chain Risk Management (SR) policy
  • System & Communications Protection (SC) policy
  • System & Information Integrity (SI) policy
  • System & Services Acquisition (SA) policy

Benefits of a NIST 800-53 R5 MODERATE WISP:

  • Decreased costs – less reactive IT support
  • Compliance coverage
  • Improved productivity – decreased distractions
  • Fewer virus & malware outbreaks – decreased downtime & expense
  • More efficient operations – better performing network & computers
  • Increased accountability of assets & resources
  • Educated & trained employees
  • Proper documentation to remove liability