title: NIST 800-53
NIST 800-53 Compliance
NIST SP 800-53 defines security and privacy controls for federal information systems. It's the foundation for FedRAMP authorization. Vigo maps 41 controls across 10 control families.
Coverage Summary
| Family | Name | Controls |
|---|---|---|
| AC | Access Control | 8 |
| AU | Audit and Accountability | 8 |
| CA | Assessment, Authorization, Monitoring | 1 |
| CM | Configuration Management | 7 |
| CP | Contingency Planning | 2 |
| IA | Identification and Authentication | 3 |
| IR | Incident Response | 3 |
| SC | System and Communications Protection | 5 |
| SI | System and Information Integrity | 4 |
Quick Start
cp example-configs/stockpile/modules/compliance/nist-800-53/*.vgo.example /srv/vigo/stockpile/modules/
for f in /srv/vigo/stockpile/modules/nist-*.vgo.example; do mv "$f" "${f%.example}"; done
cp example-configs/stockpile/compliance-roles.vgo.example /srv/vigo/stockpile/compliance-roles.vgo
Assign the nist-800-53 role to nodes:
envoys:
- match: "*.example.com"
roles: [nist-800-53]
Then publish and verify: vigocli config publish && vigocli report nist
Generating Reports
vigocli report nist
vigocli report nist --format html --output nist-report.html
Cross-Reference
| NIST 800-53 | HIPAA | SOC 2 | ISO 27001 |
|---|---|---|---|
| AC-2 | 164.312(a)(2)(i) | CC6.2 | A.9.2.1 |
| AU-2 | 164.312(b) | CC7.3 | A.12.4.1 |
| CM-3 | 164.312(e)(2)(i) | CC8.1 | A.12.1.2 |
| SC-8 | 164.312(e)(1) | CC5.2 | A.13.2.1 |
| SI-7 | 164.312(c)(1) | CC7.1 | A.12.6.1 |