NIST 800-53 Rev 4 Excel – filtered like a fine aged whiskey

Hello World,

If you are looking for a better way to view and audit against NIST Special Publication 800-53 Revision 4 hopefully you have found the right place.  The original from NVD/NIST is the tab delimited form via .txt file and although detailed, it does not allow you to filter based on impact level. That is because the impact level is not filled out completely into sublevels and also does not specify where a control has no impact level, i.e. none.

Why did you cut corners…

For me, while reviewing requirements for a new Government RFP, I had a need to run a quick audit against 800-53 specifically for low security controls only. I searched online for modified versions but found most to be behind subscription walls, copies of the original, or overly complex. Since I bothered to go through all 1600 or so lines and fill in all impact levels including the none controls, I figured others might want this as well. Here it is linked below in all its glory…

Filtering makes the world a better place

NIST_Scoring_Template

Here is my current updated NIST Controls Audit worksheet I use for my own Corporate NIST Assessments.  The template has a 2nd tab to run a pivot table against the sheet and spit out a table you can use to make pretty charts for your executive team.

NIST_Scoring_Template

Here is the link to the original .txt file provided by NVD/NIST.
NIST 800-53 Rev 4 Original

I also searched online for modified versions but found most to be behind subscription walls, copies of the original, or overly complex.  Maybe some of these will prove useful to you

Tikras.com Excel – The way this one provided low/medium/high impact was ok it looked like they used a parser to break down the sublevels and created additional sub levels that did not seem to exist in the original document.

Cloud Audit Controls – Excel Link – Controls_800_53r4_ver02 This one was great but complicated by its associations with another Cloud Security Controls doc that I did not need.  By the way, Christopher Davis of Cloud Audit Controls puts out some great documentation so check out his site.

Cheers,

-Phil

Recent Posts
Showing 8 comments
  • Jessie Herington
    Reply

    This site is absolutely fabulous!

  • nichole
    Reply

    looks like the link do not work anymore. Is there a way to get them to work again?

    • admin
      Reply

      fixed!

  • Sannyfet
    Reply

    Make a more new posts please 🙂
    ___
    Sanny

  • Cialis
    Reply

    Howdy just wanted to give you a quick heads up. The words in your post
    seem to be running off the screen in Opera. I’m not sure if this is a format
    issue or something to do with internet browser compatibility but I
    figured I’d post to let you know. The style and design look great though!
    Hope you get the problem solved soon. Kudos

  • cialis
    Reply

    Hi, just wanted to say, I liked this post. It was practical.
    Keep on posting!

  • Matt S
    Reply

    the link for the excel sheet gives a 404 error

    • admin
      Reply

      sorry about that. the links have been updated and a new excel i use for NIST audit scoring has been added. Check it out!

Leave a Reply to admin Cancel reply