NIST Compliance – IT Asset Management and Data Destruction
The National Institute of Standards and Technology (NIST) publishes standards and guidelines for individuals and organizations that hold information on digital media. The three most relevant to IT asset managers, computer security professionals and information security professionals are: NIST SP 800-88, Guidelines for Media Sanitization; NIST SP 1800-5, IT Asset Management; and NIST SP 800-53, Security and Privacy Controls for Information Systems and Organizations.
NIST 800-88
Guidelines for Media Sanitization
This document helps organizations develop risk-based policies, techniques and controls for the sanitization and disposal of digital media containing confidential information.
The objective of this special publication is to support decision making when media require disposal or reuse, or will leave the effective control of an organization. Organizations should develop and use local policies and procedures in conjunction with this guide to make effective, risk-based decisions on the ultimate disposal or destruction of digital media and the information stored on it.
NIST 1800-5
IT Asset Management
Companies in all industries and sectors can use this IT Asset Management practice guide to monitor and manage their organization's IT assets more securely and efficiently.
The NIST National Cybersecurity Center of Excellence (NCCoE), which developed the guide, focused on a modular architecture so that organizations can adopt some or all of the example capabilities it describes. Depending on factors such as size, sophistication, risk tolerance and threat landscape, organizations should make their own determination about the breadth of IT asset management capabilities they need to implement.
The guide helps organizations gain efficiencies in IT asset management while saving them research and proof-of-concept costs.
NIST 800-53
Physical Access Control and Protection (PE family)
The following summarizes the discussion of control PE-3, Physical Access Control, in the Physical and Environmental Protection (PE) family. Physical access authorizations apply to employees and visitors. Individuals with permanent physical access authorization credentials are not considered visitors.
Physical access devices include keys, locks, combinations, biometric readers and card readers. Physical access control systems comply with applicable laws, executive orders, directives, policies, regulations, standards and guidelines. Organizations have flexibility in the types of audit logs employed: audit logs can be procedural, automated, or some combination of the two. Physical access points can include facility access points, interior access points to systems that require supplemental access controls, or both. Components of systems may be located in areas designated as publicly accessible, with the organization controlling access to the components themselves.
NIST 800-66
Implementing the HIPAA Security Rule
NIST 800-66 summarizes the HIPAA security standards and explains the structure and organization of the Security Rule. The publication educates readers about the information security terms used in the HIPAA Security Rule and improves understanding of the security standards the Rule sets out.
It is intended as an aid to understanding the security concepts discussed in the HIPAA Security Rule; it does not supplement, replace, modify or supersede the Security Rule itself.
NIST 800-12
An Introduction to Information Security
NIST 800-12 serves as a starting point for those unfamiliar with NIST information security publications and guidelines. It provides a high-level overview of information security principles by introducing related concepts and the security control families.
Related: GLBA, PCI DSS, HIPAA, Dept. of Defense.
NIST 800-30
Guide for Conducting Risk Assessments
NIST 800-30 provides guidance on risk management for organizations in the public and private sectors. Its focus is the risk assessment, which is used to identify, estimate and prioritize risk. Related: GLBA Safeguards Rule, which requires a written risk assessment.
The publication details the four steps of the risk assessment process: 1) preparing for the assessment; 2) conducting the assessment; 3) communicating the results to key organizational personnel; and 4) maintaining the assessment over time.
NIST 800-37
Risk Management Framework for Information Systems and Organizations
NIST 800-37 is intended to help organizations manage security and privacy risk and satisfy the requirements of the Federal Information Security Modernization Act of 2014 (FISMA), the Privacy Act of 1974, OMB policies and designated Federal Information Processing Standards, among other laws, regulations and policies.
NIST 800-53
Security and Privacy Controls for Information Systems and Organizations
The NIST 800-53 publication, together with other supporting NIST publications, is designed to help organizations identify the security and privacy controls needed to manage risk and to satisfy the security and privacy requirements of FISMA, the Privacy Act of 1974, OMB policies (e.g., OMB Circular A-130) and designated Federal Information Processing Standards (FIPS), among others.
Federal agencies are required to apply NIST 800-53 controls to their information systems, and contractors and other organizations operating systems on behalf of an agency inherit that requirement through their contracts. Note, however, that for media containing classified information, the sanitization process is governed by NSA standards and policies rather than by NIST 800-88; 800-53 control MP-6 (Media Sanitization) makes this distinction explicit.