Working with NIST 800-53
NIST is a government-backed cybersecurity framework that helps organizations assess risks such as threats, vulnerabilities, and impacts. Following the framework helps organizations reduce these risks as well as recover from cybersecurity events should they occur.
Hyperproof offers a NIST 800-53 program template you can use to quickly and easily stand up your program. See Creating a program with illustrative controls. Keep in mind that depending on the baseline you select, your NIST program may have more or fewer requirements. For example, if you create a program with a moderate baseline, only moderate-level requirements will be included in your program.
Additionally, you can choose to include extra add-ons, such as Privacy, to ensure that your organization reaches its compliance goals.
Generating a SSP report
Roles and permissions
The following roles can export a SSP report:
Administrators
Compliance managers who are members of the program
Users who are members of the program
You can quickly and easily generate a System Security Plan (SSP) report for your program. The SSP report provides an in-depth overview of the security requirements for your organization’s information system. Furthermore, the report describes all of the controls that your organization has in place for meeting its security requirements.
Note
In Hyperproof, the SSP report properties come from your program’s requirements, not the controls. If you link additional controls to your program, those controls do not show up in or alter the SSP report in any way.
From the left menu, select Programs.
Select your program.
It's recommended to edit any requirement information in Hyperproof prior to exporting the SSP report. This ensures that the information in Hyperproof is the source of truth, i.e. if you need to export the SSP report in the future, the information in Hyperproof is up-to-date. To edit a requirement:
Select the Requirements tab.
Select a requirement, and then select the Details tab.
Make any necessary edits.
Repeat steps B and C as necessary.
Select the ... (More options) tab, and then click Export SSP report.