Security - Compliance with Security Controls Equivalent to NIST 800-53 for High-Impact Systems, v1.0

Credential Service Providers must comply with the security controls of NIST 800-53 for high-impact systems or equivalent.

Assessment Step

Security High Impact (SecurityHighImpact)
Does the CSP comply with NIST 800-53 or an equivalent set of security controls?
Provide evidence (e.g., organizational policies, compliance/assessment reports, sample processes) that the CSP complies with the required security controls.

Conformance Criteria (1)

The CSP SHALL employ appropriately-tailored security controls from the high baseline of security controls defined in SP 800-53 or an equivalent federal (e.g., FEDRAMP) or industry standard. The CSP SHALL ensure that the minimum assurance-related controls for high-impact systems or equivalent are satisfied.
NIST SP 800-63B: Section 4.3.4 and NIST SP 800-63A: Section 4.5.8