NIST 800-53

What is NIST 800-53

NIST Special Publication 800-53 (SP 800-53), Security and Privacy Controls for Information Systems and Organizations, is published by the National Institute of Standards and Technology (NIST). It is a catalog of security and privacy controls grouped into families, including Access Control (AC), Incident Response (IR), Configuration Management (CM), and System and Communications Protection (SC), which holds the cryptographic protection controls, among others.

Examples of NIST 800-53 policies in SSD

  • Branch Deletion Prevention Policy - Even though the default branch cannot be deleted directly regardless of this setting, it is best practice to block branch deletion for anyone who only has write access, so that release and feature branches cannot be removed without elevated privileges.

  • Branch Protection Policy - Repositories should have branch protection enabled so that every code change is reviewed: block direct pushes to the protected branch and require that changes arrive as Pull/Merge Requests with an approving code review before they are merged.

  • Bot User should not be an Org Owner - Service (bot) accounts used for automation should not hold the organization owner role. An owner-level credential leaked from a pipeline gives an attacker control over every repository and member in the organization, so bots should be granted only the least privilege their job requires.

  • C-0054 - MITRE - Cluster internal networking - Exposing a sensitive interface to the internet poses a security risk. Several popular frameworks were never intended to be reachable from the internet and therefore do not require authentication by default. Exposing them (for example through a NodePort or LoadBalancer Service) gives a malicious actor unauthenticated access to an interface that may allow running code or deploying containers in the cluster. Interfaces of this kind that have been exploited include Apache NiFi, Kubeflow, Argo Workflows, Weave Scope, and the Kubernetes dashboard.
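The policies above can be turned into automated checks. The following is an added example, not SSD's own code: it evaluates the three SCM policies (branch deletion prevention, branch protection, bot accounts as org owners) and the C-0054 exposure check over constructed inputs. The input shapes are assumptions: the branch protection and org owner dicts follow the GitHub REST API responses, the Service dicts follow the JSON form returned by kubectl, and the bot logins and the set of sensitive workload labels are made up for the sample.

```python
"""Policy evaluators for the SSD-style rules above, run over constructed inputs.

Added example, not SSD's own code. Input shapes are assumptions: GitHub REST
API responses (branch protection, organisation owners) and kubectl JSON Services.
"""
from typing import Dict, List, Optional, Set

# ---- Constructed SCM inputs (assumed GitHub API shapes) ----------------------
BRANCH_PROTECTION_WEAK = {
    "required_pull_request_reviews": None,      # no review requirement at all
    "allow_force_pushes": {"enabled": True},
    "allow_deletions": {"enabled": True},
    "enforce_admins": {"enabled": False},
}
BRANCH_PROTECTION_STRONG = {
    "required_pull_request_reviews": {"required_approving_review_count": 1,
                                      "dismiss_stale_reviews": True},
    "allow_force_pushes": {"enabled": False},
    "allow_deletions": {"enabled": False},
    "enforce_admins": {"enabled": True},
}
ORG_OWNERS = [{"login": "alice"}, {"login": "ci-bot"}]   # members with role=admin
BOT_ACCOUNTS = {"ci-bot", "renovate-bot"}                  # hypothetical bot logins


def check_branch_protection(prot: Optional[Dict]) -> List[str]:
    """Evaluate the Branch Protection and Branch Deletion Prevention policies."""
    if prot is None:
        # GitHub answers 404 for an unprotected branch; treat it as no rule at all.
        return ["Branch Protection: no rule, direct pushes and deletion are allowed"]
    findings = []
    reviews = prot.get("required_pull_request_reviews") or {}
    if reviews.get("required_approving_review_count", 0) < 1:
        findings.append("Branch Protection: changes do not require an approving review")
    if prot.get("allow_force_pushes", {}).get("enabled"):
        findings.append("Branch Protection: force pushes allowed, history can be rewritten unreviewed")
    if not prot.get("enforce_admins", {}).get("enabled"):
        findings.append("Branch Protection: administrators can bypass the rule")
    if prot.get("allow_deletions", {}).get("enabled"):
        findings.append("Branch Deletion Prevention: anyone with write access can delete the branch")
    return findings


def check_bot_owners(owners: List[Dict], bots: Set[str]) -> List[str]:
    """Bot User should not be an Org Owner: flag automation accounts holding owner role."""
    return [f"Bot Owner: {o['login']} holds the organization owner role"
            for o in owners if o["login"] in bots]


# ---- Constructed Kubernetes input --------------------------------------------
# Selector values standing in for the interfaces named in C-0054. The label values
# are an assumption for this sample, not a canonical list.
SENSITIVE_WORKLOADS = {"kubernetes-dashboard", "argo-server", "weave-scope-app", "nifi"}

SERVICES = [
    {"metadata": {"name": "kubernetes-dashboard", "namespace": "kubernetes-dashboard"},
     "spec": {"type": "LoadBalancer", "selector": {"k8s-app": "kubernetes-dashboard"}}},
    {"metadata": {"name": "argo-server", "namespace": "argo"},
     "spec": {"type": "ClusterIP", "selector": {"app": "argo-server"}}},
    {"metadata": {"name": "web", "namespace": "shop"},
     "spec": {"type": "NodePort", "selector": {"app": "web"}}},
]


def check_service_exposure(svc: Dict, sensitive: Set[str]) -> Optional[str]:
    """C-0054: flag a NodePort/LoadBalancer Service that fronts a sensitive interface.

    ClusterIP Services are not reachable from outside the cluster, so they pass.
    Ingress and Gateway routes are a separate exposure path not covered here.
    """
    spec = svc.get("spec", {})
    svc_type = spec.get("type", "ClusterIP")
    if svc_type not in ("NodePort", "LoadBalancer"):
        return None
    hit = set(spec.get("selector", {}).values()) & sensitive
    if not hit:
        return None
    meta = svc["metadata"]
    return (f"C-0054: {meta['namespace']}/{meta['name']} is {svc_type} and exposes "
            f"{', '.join(sorted(hit))} outside the cluster")


def run_all() -> List[str]:
    """Run every check over the constructed inputs and collect the findings."""
    findings = check_branch_protection(BRANCH_PROTECTION_WEAK)
    findings += check_bot_owners(ORG_OWNERS, BOT_ACCOUNTS)
    findings += [f for f in (check_service_exposure(s, SENSITIVE_WORKLOADS)
                             for s in SERVICES) if f]
    return findings


if __name__ == "__main__":
    for finding in run_all():
        print(finding)
```

Against the weak branch protection the evaluator reports four findings, the strong one none; the bot check flags only `ci-bot`; and of the three Services only the LoadBalancer dashboard is reported, because the Argo server is ClusterIP and the NodePort web frontend is not on the sensitive list. In a real deployment the dicts would come from the GitHub API and `kubectl get svc -A -o json` rather than being embedded.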
