Computer Security Resource Center

FISMA Implementation Project

Publications

The following NIST-authored publications are directly related to this project.

| Series & Number | Title | Status | Released |
|---|---|---|---|
| SP 800-137A | Assessing Information Security Continuous Monitoring (ISCM) Programs: Developing an ISCM Program Assessment | Final | 05/21/2020 |
| NISTIR 8011 Vol. 4 | Automation Support for Security Control Assessments: Software Vulnerability Management | Final | 04/28/2020 |
| SP 800-53 Rev. 5 (Draft) | Security and Privacy Controls for Information Systems and Organizations (Final Public Draft) | Draft | 03/16/2020 |
| SP 800-160 Vol. 2 | Developing Cyber Resilient Systems: A Systems Security Engineering Approach | Final | 11/27/2019 |
| SP 800-128 | Guide for Security-Focused Configuration Management of Information Systems | Final | 10/10/2019 |
| SP 800-37 Rev. 2 | Risk Management Framework for Information Systems and Organizations: A System Life Cycle Approach for Security and Privacy | Final | 12/20/2018 |
| NISTIR 8011 Vol. 3 | Automation Support for Security Control Assessments: Software Asset Management | Final | 12/06/2018 |
| SP 800-160 Vol. 1 | Systems Security Engineering: Considerations for a Multidisciplinary Approach in the Engineering of Trustworthy Secure Systems | Final | 03/21/2018 |
| SP 800-12 Rev. 1 | An Introduction to Information Security | Final | 06/22/2017 |
| NISTIR 8011 Vol. 1 | Automation Support for Security Control Assessments: Volume 1: Overview | Final | 06/06/2017 |
| NISTIR 8011 Vol. 2 | Automation Support for Security Control Assessments: Volume 2: Hardware Asset Management | Final | 06/06/2017 |
| SP 800-53 Rev. 4 | Security and Privacy Controls for Federal Information Systems and Organizations | Final | 01/22/2015 |
| SP 800-53A Rev. 4 | Assessing Security and Privacy Controls in Federal Information Systems and Organizations: Building Effective Assessment Plans | Final | 12/18/2014 |
| SP 800-30 Rev. 1 | Guide for Conducting Risk Assessments | Final | 09/17/2012 |
| SP 800-137 | Information Security Continuous Monitoring (ISCM) for Federal Information Systems and Organizations | Final | 09/30/2011 |
| SP 800-39 | Managing Information Security Risk: Organization, Mission, and Information System View | Final | 03/01/2011 |
| SP 800-60 Vol. 1 Rev. 1 | Guide for Mapping Types of Information and Information Systems to Security Categories | Final | 08/01/2008 |
| SP 800-60 Vol. 2 Rev. 1 | Guide for Mapping Types of Information and Information Systems to Security Categories: Appendices | Final | 08/01/2008 |
| FIPS 200 | Minimum Security Requirements for Federal Information and Information Systems | Final | 03/01/2006 |
| SP 800-18 Rev. 1 | Guide for Developing Security Plans for Federal Information Systems | Final | 02/24/2006 |
| FIPS 199 | Standards for Security Categorization of Federal Information and Information Systems | Final | 02/01/2004 |
| SP 800-59 | Guideline for Identifying an Information System as a National Security System | Final | 08/20/2003 |

Created November 30, 2016, Updated July 08, 2020