For Security & Risk Professionals

Simplify Cybersecurity With PCI

Policy And Procedures US Government Spotlight: The Security Architecture And Operations Playbook

October 11, 2012

Authors

Why Read This Report

US federal law, specifically the Federal Information Security Management Act (FISMA), requires US federal government agencies to adhere to National Institute of Standards and Technology (NIST) security standards and guidelines, in particular NIST 800-53. That's easier said than done. NIST 800-53 leaves a lot of room for interpretation, and many security and risk (S&R) pros in government turn to other standards such as the ISO 27000 family or the US Department of Defense's Information Assurance Certification and Accreditation Process (DIACAP) standard to find the specifics they need. However, neither standard fits the bill for a civilian agency, as ISO can be too high-level while the DoD standard is overkill. Forrester contends that the Payment Card Industry Data Security Standard (PCI DSS) holds promise as an additional baseline that can augment NIST 800-53. In this report, we map NIST 800-53 to PCI to provide prescriptive guidance for meeting NIST 800-53 requirements.

Purchase Report

This report is available for individual purchase ($745 USD).

Table of Contents

  • Cybersecurity And Information Security: Same Goal, Different Drivers
  • NIST 800-53 Overwhelms Government Cybersecurity Efforts
  • PCI Is The Best Alternative To Augment And Decipher NIST 800-53
  • How To Get The Most Out Of PCI To Simplify Cybersecurity
  • WHAT IT MEANS
  • Use PCI To Simplify Cybersecurity
  • Related Research Documents
