The NIST security standard is a very "document and process" heavy standard that covers a broad range of security controls.
Crimson Security Inc.’s NIST 800-53 security assessments evaluate the organization's security posture against requirements derived from the NIST Special Publication 800-53 standard. Depending on client status, the High, Medium, or Low baseline will be used.
Our assessment process for this standard includes the following general steps:
- Preliminary Information Gathering
- Port Scanning
- Vulnerability Testing
- War Dialing
- On-site Inspection
- Document Review
- Interviews
- Inspection of Physical and Logical Configuration and Architecture
- Internal and External Vulnerability Scanning