Sponsored content contributed by AOC Business Partner: Covenant Global
Securing data from cyberattacks is no longer a background issue — it’s an urgent and daily concern for individuals, government entities, and critical infrastructure. Cyber threats targeting local governments have surged, with attacks leaking personal data to the dark web, exposing vulnerabilities in infrastructure, or deploying undetected malware like Project Sauron — which operated silently for five years.
Oregon’s municipalities are under pressure to defend against constant and sophisticated attacks, all while staying compliant with a growing list of regulatory frameworks. The State of Oregon’s Cyber Security Plan outlines mandatory compliance with frameworks like:
- FTI (taxpayer information)
- HIPAA (health records)
- FERPA (education records)
- PCI-DSS (payment data)
- CJIS (criminal justice)
At first glance, the number of overlapping standards may seem overwhelming, if not impossible to track. Adding to the pressure, the plan also mandates alignment with National Institute of Standards and Technology (NIST) 800-53, a deep catalog of 1,500+ security controls. But here’s the good news: most of these frameworks are built on NIST 800-53. Understanding this simplifies compliance, turning a complex challenge into a manageable checklist.
NIST 800-53 isn’t just another requirement — it’s the foundational blueprint trusted by federal agencies and adopted by leading states. It provides the widest range of security controls, purpose-built for diverse government scenarios. That’s why Oregon chose it—and why local governments can trust it to scale with their evolving needs.
Additionally, the NIST Cybersecurity Framework (CSF) helps municipalities not only select the right controls but also implement them strategically. These tools work in tandem:
- 800-53 = the “what” of security
- CSF = the “how” of implementation
A great example? The Lower Colorado River Authority (LCRA) successfully leveraged both to harden infrastructure while simplifying compliance.
The bottom line: Oregon municipalities don’t need to reinvent the wheel. By aligning with the NIST 800-53 and CSF — both purpose-built by U.S. authorities for public-sector resilience — counties can efficiently secure systems, simplify compliance, and better protect their communities. Now is the time to act.
Contributing Author: Daniel Dolinov, Senior Compliance Consultant, Covenant Global