NIST SP 800-150

United States

v2016

12 domains

35 controls

Guide to Cyber Threat Information Sharing

Verified

Framework summaries on this platform are AI-assisted interpretations for educational and compliance planning purposes. They do not reproduce or replace the official standards. Refer to the authoritative source for the definitive text. Framework names and trademarks belong to their respective organisations.

Framework Domains (12)

Establishing Sharing Relationships

3 controls

Controls in the Establishing Sharing Relationships domain of NIST SP 800-150 — 3 controls
Code	Title	Description
TIS-1	Threat Information Sharing Goals and Objectives	Define and document the organisational goals, objectives, and intended outcomes for participating in cyber threat inform...
TIS-2	Roles and Responsibilities for Threat Sharing	Identify and assign roles for producing, consuming, and coordinating cyber threat information, including primary points...
TIS-3	Threat Information Sharing Plan	Document a sharing plan that describes participating communities, types of information to be exchanged, frequency, chann...

Information Acquisition

3 controls

Controls in the Information Acquisition domain of NIST SP 800-150 — 3 controls
Code	Title	Description
TIS-7	Threat Information Sources and Feeds	Identify, evaluate, and document the sources of cyber threat information used by the organisation, including commercial,...
TIS-8	Threat Information Production and Curation	Produce and curate threat information for internal use and external sharing, including indicators, tactics, techniques,...
TIS-9	Indicator and Observable Management	Capture, validate, and manage indicators of compromise and observables across their lifecycle, including expiration, con...

Information Dissemination

3 controls

Controls in the Information Dissemination domain of NIST SP 800-150 — 3 controls
Code	Title	Description
TIS-10	Threat Information Sharing Channels	Use defined channels and formats for sharing cyber threat information, including standardised formats such as STIX and p...
TIS-11	Trust Establishment with Sharing Partners	Establish and maintain trust relationships with sharing partners through vetting, agreements, and ongoing interaction to...
TIS-12	Anonymisation and Attribution Controls	Apply controls that allow contributors to share without unintended attribution, including pseudonymisation, group sharin...

Information Use

2 controls

Controls in the Information Use domain of NIST SP 800-150 — 2 controls
Code	Title	Description
TIS-13	Consumption and Integration of Threat Information	Integrate received threat information into security operations including detection content, hunting, vulnerability triag...
TIS-14	Feedback to Producers and Communities	Provide feedback to information producers and sharing communities regarding the relevance, timeliness, and accuracy of t...

NIST SP 800-150: Access Control

5 controls

Logical and physical access controls (NIST SP 800-150)

Controls in the NIST SP 800-150: Access Control domain of NIST SP 800-150 — 5 controls
Code	Title	Description
SP800-150-ALERTS	Consume and Respond to Security Alerts	Consume security alerts and advisories from sharing partners and respond by applying mitigations to the organization's e...
SP800-150-COMMUNICATE	Engage in Ongoing Communication	Engage in continuous communication with sharing partners to build trust and maintain timely information exchange.
SP800-150-INDICATORS-USE	Consume and Use Indicators	Consume and operationalize threat indicators by integrating them into detection and prevention tools.
SP800-150-JOIN	Join a Sharing Community	Join one or more sharing communities (such as an ISAC or ISAO) to exchange threat information with trusted partners.
SP800-150-SUPPORT	Plan for Ongoing Support	Plan to provide the ongoing resources, infrastructure, and personnel needed to sustain information sharing activities.

NIST SP 800-150: Asset Management

5 controls

Information asset management (NIST SP 800-150)

Controls in the NIST SP 800-150: Asset Management domain of NIST SP 800-150 — 5 controls
Code	Title	Description
SP800-150-DESIGNATIONS	Sharing Designations	Use sharing designations (for example the Traffic Light Protocol) to communicate handling and redistribution restriction...
SP800-150-EXTERNAL	Identify External Sources of Cyber Threat Information	Identify and evaluate external sources and sharing communities that can provide relevant cyber threat information.
SP800-150-PROCEDURES	Sharing and Tracking Procedures	Define procedures for cyber threat information sharing and tracking, including what is shared, with whom, and how it is...
SP800-150-RULES	Establish Information Sharing Rules	Establish rules that control the publication and distribution of threat information, addressing sensitivity, privacy, an...
SP800-150-SENSITIVITY	Information Sensitivity and Privacy	Apply handling rules that protect sensitive and personally identifiable information before threat information is shared.

NIST SP 800-150: Communications Security

0 controls

Network and communications security (NIST SP 800-150)

NIST SP 800-150: Cryptography

2 controls

Cryptographic controls (NIST SP 800-150)

Controls in the NIST SP 800-150: Cryptography domain of NIST SP 800-150 — 2 controls
Code	Title	Description
SP800-150-PRODUCE	Produce and Publish Indicators	Produce, enrich, and publish indicators in standard data formats, protecting sensitive data before distribution to partn...
SP800-150-STORE	Organize and Store Cyber Threat Information	Organize, store, and manage collected cyber threat information to support analysis, correlation, and retrieval.

NIST SP 800-150: Information Security Policies

5 controls

Organizational information security policies (NIST SP 800-150)

Controls in the NIST SP 800-150: Information Security Policies domain of NIST SP 800-150 — 5 controls
Code	Title	Description
SP800-150-BENEFITS	Benefits of Information Sharing	Recognize the benefits of sharing, including shared situational awareness, improved defensive posture, and greater defen...
SP800-150-CHALLENGES	Challenges to Information Sharing	Address challenges including establishing trust, protecting sensitive information, achieving interoperability, and manag...
SP800-150-GOALS	Define Information Sharing Goals and Objectives	Define information sharing goals and objectives that support the organization's overall mission and cybersecurity strate...
SP800-150-INFO-TYPES	Threat Information Types	Identify the categories of cyber threat information (indicators, tactics/techniques/procedures, security alerts, threat...
SP800-150-INTERNAL	Identify Internal Sources of Cyber Threat Information	Identify existing internal sources of cyber threat information such as logs, sensors, and incident reports that can be s...

NIST SP 800-150: Operations Security

0 controls

Secure operations and monitoring (NIST SP 800-150)

Pre-Sharing Considerations

3 controls

Controls in the Pre-Sharing Considerations domain of NIST SP 800-150 — 3 controls
Code	Title	Description
TIS-4	Legal, Regulatory, and Contractual Review	Review legal, regulatory, and contractual obligations that affect threat information sharing, including privacy laws, se...
TIS-5	Information Handling and Sensitivity Marking	Apply handling rules and sensitivity markings such as the Traffic Light Protocol to shared cyber threat information so r...
TIS-6	Data Minimisation and Sanitisation	Sanitise and minimise threat information before sharing to remove sensitive personal data, proprietary content, or attri...

Programme Operations

4 controls

Controls in the Programme Operations domain of NIST SP 800-150 — 4 controls
Code	Title	Description
TIS-15	Operational Security of Sharing Activities	Protect the confidentiality and integrity of threat sharing activities, including secure access to platforms, protected...
TIS-16	Threat Sharing Programme Metrics	Define and report metrics that measure the value, performance, and maturity of the threat information sharing programme...
TIS-17	Incident-Driven Sharing	Share information arising from incidents with appropriate partners and communities while protecting investigation integr...
TIS-18	Continuous Improvement and Programme Review	Review and improve the threat information sharing programme at a defined cadence, incorporating lessons learned and chan...

Maps to 1 other framework

35 total controls

NIST SP 800-53 Rev 5

17 source controls mapped|6 target controls covered

49%

Compare NIST SP 800-150 with NIST SP 800-53 Rev 5

Frequently Asked Questions

What is NIST SP 800-150?

NIST SP 800-150 is a compliance framework from United States with 12 domains and 35 controls. Guide to Cyber Threat Information Sharing It is used by organisations to establish and maintain compliance with industry standards and regulatory requirements.

How many controls does NIST SP 800-150 have?

NIST SP 800-150 has 35 controls organised across 12 domains. The largest domains are NIST SP 800-150: Access Control (5 controls), NIST SP 800-150: Asset Management (5 controls), NIST SP 800-150: Information Security Policies (5 controls). Each control defines specific requirements that organisations must implement to achieve compliance.

What frameworks does NIST SP 800-150 map to?

NIST SP 800-150 maps to 1 other compliance frameworks. The top mapping partners are NIST SP 800-53 Rev 5 (49% coverage). Use our comparison tool to explore control-level mappings between frameworks.

How do I get started with NIST SP 800-150 compliance?

Start your NIST SP 800-150 compliance journey by running a self-assessment on our platform to identify your current compliance posture. Our AI advisory can answer specific questions about NIST SP 800-150 requirements, and cross-framework mapping helps you leverage existing controls from other frameworks you may already comply with. Create a free account to access all 35 controls and track your progress.

Start Your Compliance Journey

Create a free account to run self-assessments, get AI advisory, and track your compliance progress across 700 frameworks.

Get Started Free →

Free forever — no credit card required