Posted On: Apr 7, 2021

AWS Audit Manager now offers a new prebuilt standard framework for NIST 800-53 (Rev. 5) Low-Moderate-High. This framework adds to the existing prebuilt frameworks provided in Audit Manager. With this release, you can launch an assessment from this framework with just a few clicks. Audit Manager will map your AWS resources to the requirements in NIST 800-53 (Rev. 5) Low-Moderate-High and start gathering evidence automatically to help you scale your audit capability in the cloud as your business grows.

The National Institute of Standards and Technology (NIST) is responsible for developing information security standards and guidelines, including minimum requirements for federal information systems. These standards and guidelines ensure sufficient protection of confidentiality, integrity, and availability of information and information systems, based on the security category and impact level of the system (low, moderate, or high), and a risk determination. The NIST 800-53 (Rev. 5) Low-Moderate-High framework offers the next generation of security controls and associated assessment procedures to strengthen the security posture of all entities of critical infrastructure in a proactive and systematic approach. In this framework, Audit Manager provides 225 automated controls and 782 manual controls. These controls offered by Audit Manager do not guarantee that you will pass a NIST assessment but instead help reduce effort and time in your NIST review preparation.

This release is now available in all AWS Regions where AWS Audit Manager is offered. To learn more, see the NIST 800-53 (Rev. 5) Low-Moderate-High user guide in AWS Audit Manager documentation.