
Continuous adherence to NIST 800-53 controls for cloud infrastructure

Many customers use Turbot Guardrails enterprise to ensure continuous security and compliance adherence of their cloud infrastructure with external industry standards, now including support for NIST 800-53.

Turbot Team
5 min. read - Jul 12, 2016

Many of our enterprise customers are using Turbot Guardrails enterprise to ensure continuous security and compliance adherence of their Cloud Infrastructure with applicable internal controls and external industry standards.

One of the industry standards most enterprise customers map their controls to is the National Institute of Standards and Technology (NIST) Special Publication 800-53 Revision 4 (Security and Privacy Controls for Federal Information Systems and Organizations). NIST 800-53 defines a catalog of security and privacy controls covering both technology functions and operational processes, intended to make information systems sufficiently trustworthy. These controls are often customized and can be mapped to a customer's internal controls, to external regulations, and to other standards.

Turbot Guardrails NIST 800-53 Mapping

To simplify mapping to NIST 800-53 controls, Turbot Guardrails provides customers with a mapping of NIST 800-53 P1, P2, and P3 controls to Turbot Guardrails functionality, including descriptions of the critical control subparts and of how Turbot's hundreds of out-of-the-box (OOTB) features enable and continuously adhere to the mapped controls.

Turbot Guardrails NIST Control Example

As an example of how Turbot Guardrails OOTB guardrails automatically adhere to a NIST 800-53 control, consider CP-9 Contingency Planning - Information System Backup (control sub-parts CP-9a, CP-9b, CP-9c, and CP-9d), which covers backup of information systems.

Turbot Guardrails has many backup guardrails for various AWS services (e.g. S3, EC2, DynamoDB, RDS, Redshift). Within Turbot Guardrails, administrators can define backup guardrails across one or many AWS accounts to ensure adherence to CP-9. For example, for EC2 and RDS:

Turbot EC2 Snapshot Guardrails

Administrators can define how often EC2 volumes are backed up to snapshots, and how long those snapshots should be retained, in one or many AWS accounts. Turbot Guardrails automates creation and rotation of these snapshots per the configured schedule and retention policies. This gives the customer sound operational processes that ensure backups occur within the appropriate time periods and are retained per retention policy, so the organization can demonstrate adherence to CP-9 controls.

Turbot RDS Snapshot Guardrails

Administrators can enforce retention periods for RDS snapshots to ensure that snapshots are created and retained per retention policy. Turbot Guardrails enforces the RDS snapshot retention period configuration for one or many RDS instances across one or many AWS accounts. Turbot Guardrails also protects against accidental deletion of RDS snapshots: because RDS automatic snapshots are deleted when their RDS instance or cluster is deleted, Turbot Guardrails can create and maintain manual snapshots in parallel, so that data is not lost if an RDS instance is accidentally deleted.
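The EC2 and RDS guardrails above both reduce to the same kind of check: compare what exists in the account against a schedule and retention policy, then report what is due, what has expired, and what is out of policy. The following Python is an added illustration of that evaluation logic, not Turbot Guardrails code. The policy values, the fixed clock, the snapshot inventory and the RDS instance records are all constructed for the example; the record field names (`BackupRetentionPeriod`, `DBInstanceIdentifier`) mirror the AWS RDS API, but nothing here calls AWS.

```python
"""Backup-guardrail evaluation over constructed EC2 and RDS inventories.

Added example: decides which EC2 volumes are due for a snapshot, which
snapshots fall outside the retention window, and which RDS instances
violate the retention policy or lack a manual snapshot.
"""
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone

# Constructed policy values (assumptions for the example, not product defaults).
EC2_SNAPSHOT_INTERVAL = timedelta(days=1)    # take a snapshot at least this often
EC2_SNAPSHOT_RETENTION = timedelta(days=30)  # keep snapshots at most this long
RDS_MIN_RETENTION_DAYS = 7                   # minimum automated backup window

# Fixed "now" so the evaluation is reproducible offline.
NOW = datetime(2016, 7, 12, 12, 0, tzinfo=timezone.utc)


@dataclass
class Snapshot:
    snapshot_id: str
    volume_id: str
    start_time: datetime


# Constructed EC2 snapshot inventory (ids and times are made up).
EC2_SNAPSHOTS = [
    Snapshot("snap-0001", "vol-a", NOW - timedelta(days=45)),   # past retention
    Snapshot("snap-0002", "vol-a", NOW - timedelta(days=2)),    # newest for vol-a, but stale
    Snapshot("snap-0003", "vol-b", NOW - timedelta(hours=6)),   # fresh
    Snapshot("snap-0004", "vol-b", NOW - timedelta(days=31)),   # past retention
]
VOLUMES = ["vol-a", "vol-b", "vol-c"]  # vol-c has never been backed up


def ec2_plan(volumes, snapshots, now=NOW):
    """Return (volumes needing a new snapshot, snapshot ids to delete).

    Rotation never deletes the newest snapshot of a volume, even when it is
    past retention, so every backed-up volume keeps at least one restore point
    until a fresh snapshot replaces it.
    """
    by_volume = {}
    for snap in snapshots:
        by_volume.setdefault(snap.volume_id, []).append(snap)

    due, expired = [], []
    for vol in volumes:
        snaps = sorted(by_volume.get(vol, []), key=lambda s: s.start_time, reverse=True)
        if not snaps or now - snaps[0].start_time >= EC2_SNAPSHOT_INTERVAL:
            due.append(vol)
        for snap in snaps[1:]:  # skip the newest snapshot
            if now - snap.start_time > EC2_SNAPSHOT_RETENTION:
                expired.append(snap.snapshot_id)
    return due, expired


# Constructed RDS instance records. "has_manual_snapshot" is an example-only
# flag standing in for a lookup of manual snapshots per instance.
RDS_INSTANCES = [
    {"DBInstanceIdentifier": "db-prod", "BackupRetentionPeriod": 14, "has_manual_snapshot": True},
    {"DBInstanceIdentifier": "db-dev", "BackupRetentionPeriod": 1, "has_manual_snapshot": False},
    {"DBInstanceIdentifier": "db-legacy", "BackupRetentionPeriod": 0, "has_manual_snapshot": True},
]


def rds_findings(instances, min_days=RDS_MIN_RETENTION_DAYS):
    """Return (instance id, finding) pairs for instances out of policy.

    A BackupRetentionPeriod of 0 means automated backups are disabled; a value
    below the policy minimum is too short a window; and an instance with no
    manual snapshot would lose all automated backups if it were deleted.
    """
    findings = []
    for inst in instances:
        ident = inst["DBInstanceIdentifier"]
        period = inst["BackupRetentionPeriod"]
        if period == 0:
            findings.append((ident, "automated backups disabled"))
        elif period < min_days:
            findings.append((ident, f"retention {period}d below policy minimum {min_days}d"))
        if not inst["has_manual_snapshot"]:
            findings.append((ident, "no manual snapshot; automated backups are lost with the instance"))
    return findings


if __name__ == "__main__":
    due, expired = ec2_plan(VOLUMES, EC2_SNAPSHOTS)
    print("EC2 volumes due for snapshot:", due)
    print("EC2 snapshots to delete:", expired)
    for ident, finding in rds_findings(RDS_INSTANCES):
        print(f"RDS {ident}: {finding}")
```

Run as written, the plan flags `vol-a` (last snapshot two days old) and `vol-c` (never backed up) as due, marks `snap-0001` and `snap-0004` for deletion, and reports `db-dev` for its one-day window and missing manual snapshot and `db-legacy` for having automated backups disabled. In a real deployment the two inventories would come from the EC2 and RDS describe APIs and the returned lists would feed the create, delete and modify calls; keeping the decision logic separate from those calls is what makes it testable.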

Please contact us with questions about NIST, controls mappings, continuous security and compliance, and any other security assurance questions you may have.