The Drummond Group

NIST 800-53

NIST 800-53, developed by the National Institute of Standards and Technology (NIST), has become the de facto standard of security controls used by organizations, private standards bodies, and others. Many industries, including healthcare, have come to rely on the standard as a basis for communicating their compliance with the security and privacy mandates set by HIPAA, GDPR, and other laws. Why re-invent the wheel?

Drummond Group has developed a proprietary toolkit that consolidates the NIST 800-53 controls into an easily guided compliance assessment, providing you with the communication tool you need to close gaps, reduce risk, and demonstrate compliance. These controls can be mapped to HIPAA, CMS ARS, or other frameworks of your choosing (where a mapping is possible). Basically, we believe that controls are generic, but implementation is unique!

We also want you to know that we consider transferring our knowledge to you and your staff a part of the service. We have seen for ourselves how important it is that your organization can continue operating its controls long after the engagement ends. Don’t worry, we will always be a short phone call away to provide ongoing assistance if needed.

Compliance Assessment

Want to know how close your organization comes to meeting the NIST 800-53 control requirements? The process, based on the control selection for the system impact level you provide, will allow you to follow the NIST Risk Management Framework (RMF) to understand your gaps. If you are not sure of the impact level, we will default to a “LOW” impact system and work our way up from there.

Then Drummond Group will:

  • help you identify the right interviewees, identify documentation to provide for the review, and discuss your reporting needs right from the get-go,
  • come onsite to assess, test, and review your systems and processes,
  • assimilate the answers and the findings from the reviewed material into an easy-to-understand report,
  • provide mappings, graphs, and other helpful diagrams,
  • provide recommendations unique to your organization’s culture, needs, and risk tolerance,
  • assist with defining a POA&M (Plan of Action and Milestones), and
  • provide ongoing assistance, if requested.

Risk Assessment

Want to know how much risk your organization carries, based on the NIST 800-53 control framework? We can further enhance your compliance assessment by applying the gaps identified in the NIST 800-53 compliance assessment to current threats and vulnerabilities to derive a risk level. We can then assist you with transferring those risks into your ongoing risk management processes.

Speak with an assessment advisor today!
