FIPS 200, Minimum Security Requirements for Federal Information and Information Systems
- Specifies minimum security requirements for information and systems supporting the executive agencies of the federal government and a risk-based process for selecting the controls necessary to satisfy the minimum security requirements.
NIST SP 800-53, Security and Privacy Controls for Information Systems and Organizations
- Catalog of security and privacy controls for all types of systems and organizations.
- The controls are flexible and customizable to meet mission and business needs, and are implemented as part of an organization-wide process to manage risk.
NIST SP 800-53B, Control Baselines for Information Systems and Organizations
- Security and privacy control baselines for the Federal Government.
- Three security control baselines (one for each impact level - low-impact, moderate-impact, and high-impact).
- Privacy control baselines applied to systems irrespective of impact level
- Provides guidance on tailoring and development of overlays to facilitate control baseline customization for specific communities of interest, technologies, and environments of operation.