on May 20, 2018The National Institute of Standards and Technology (NIST) is a part of the U.S. Department of Commerce. NIST's mission is to promote U.S. innovation and industrial competitiveness by advancing measurement science, standards, and technology in ways that enhance economic security and improve our quality of life.
Archer provides authoritative source content for several NIST guidelines including:
- NIST Cybersecurity Framework 1.1
- NIST Privacy Framework 1.0
- NIST SP 800-30 Rev 1 Guide for Conducting Risk Assessments
- NIST SP 800-37 Guide for Applying the Risk Management Framework to Federal Information Systems Revision 2
- NIST SP 800-39 Guide for Managing Information Security Risk
- NIST SP 800-53 Security and Privacy Controls for Federal Information Systems and Organizations Revision 4
- NIST SP 800-53 Security and Privacy Controls for Federal Information Systems and Organizations Revision 5
- NIST SP 800-82 Guide to Industrial Control Systems (ICS) Security Revision 2
- NIST SP 800-171 Protecting Controlled Unclassified Information in Nonfederal Systems and Organizations
Languages
This content is available in English only.
Mappings
The following standards have mappings for the NIST guidelines to the Archer Control Standard Library are available in the authoritative source content pack:
- NIST Privacy Framework 1.0
- NIST SP 800-37 Guide for Applying the Risk Management Framework to Federal Information Systems Revision 2
- NIST SP 800-53 Security and Privacy Controls for Federal Information Systems and Organizations Revision 4
- NIST SP 800-82 Guide to Industrial Control Systems (ICS) Security Revision 2
- NIST SP 800-171 Protecting Controlled Unclassified Information in Nonfederal Systems and Organizations
The following guidelines do not have control standard mappings:
- NIST SP 800-30 Rev 1 Guide for Conducting Risk Assessments
- NIST SP 800-39 Guide for Managing Information Security Risk
- NIST SP 800-53 Security and Privacy Controls for Federal Information Systems and Organizations Revision 5
Note: Previously we made available a DRAFT version of the NIST 800-53 Rev 5 standard so that Archer customers could get a head start on preparing for it. On September 23, 2020 NIST released the final version of NIST 800-53 Rev 5. We have created import files that will bring this content into Archer for our customers but are still reviewing the mappings based on guidance from NIST that continues to be released. We will have a fully mapped version available sometime within the next 4-6 weeks.
Content Source
Links to the content sources are provided with the individual booklet listing above.
Licensing Restrictions
The NIST authoritative source content is available with the use of the Archer Policy Program Management, Archer IT Policy Program Management, and/or Archer Authorization and Assessment use cases. No additional license is required.
For More Information
To learn more about the Archer Policy Library Content:
- Review the Archer Content Import Tip Sheet for instructions on how to import content
- Download the NIST Cybersecurity Framework Authoritative Source Content Package
- Download the NIST Privacy Framework Authoritative Source Content Package
- Download the NIST SP 800-30 Rev 1 Guide for Conducting Risk Assessments Content Package
- Download the NIST SP 800-37 Authoritative Source Content Package
- Download the NIST SP 800-39 Guide for Managing Information Security Risk Authoritative Source Content Pack
- Download the NIST SP 800-53 Security and Privacy Controls for Federal Information Systems and Organizations Revision 4 Authoritative Source Content Package
- Download the NIST SP 800-53 Security and Privacy Controls for Federal Information Systems and Organizations Revision 5 Authoritative Source Content Package
- Download the NIST SP 800-82 R2 Authoritative Source Content Package
- Download the NIST SP 800-171 Authoritative Source Content Package
For Additional Support
To learn more about this content, please contact your Account Rep for additional details. For technical support questions, please open a support case or contact Archer at archersupport@rsa.com for more information.