Date Published: January 2007
Author(s)
Shirley Radack (NIST)
This bulletin summarizes the information provided in NIST SP 800-53, concerning the guidance developed for federal agencies in selecting and specifying security controls for their information systems. The bulletin discusses the contents of SP 800-53 and its supplemental publications, and explains how to gain access to the guidance. Topics covered in the bulletin include: how security controls should be selected and used as part of a well-defined and documented information security program; the requirements of the Federal Information Security Management Act (FISMA) and the standards and guidelines developed by NIST under the FISMA; the risk management approach to selecting controls as part of an organization's information security program; the tailoring guidance introduced in the guide to give federal agencies flexibility in responding to known threats and in taking action on agency-identified risks. References are provided to NIST publications that support the risk management process and the selection, implementation, and assessment of security controls.
Keywords
Federal Information Security Management Act; FIPS; information security; information systems; minimum security requirements; risk management; security controls
Control Families
Access Control; Awareness and Training; Audit and Accountability; Assessment, Authorization and Monitoring; Configuration Management; Contingency Planning; Identification and Authentication; Incident Response; Maintenance; Media Protection; Physical and Environmental Protection; Planning; Personnel Security; Risk Assessment; System and Services Acquisition; System and Communications Protection; System and Information Integrity