The process by which a security control baseline is modified based on: (i) the application of scoping guidance; (ii) the specification of compensating security controls, if needed; and (iii) the specification of organization-defined parameters in the security controls via explicit assignment and selection statements.
Sources:
NIST SP 800-12 Rev. 1 under Tailoring
NIST SP 800-137 under Tailoring from CNSSI 4009
NIST SP 800-30 Rev. 1 under Tailoring from CNSSI 4009
NIST SP 800-39 under Tailoring from CNSSI 4009
The process by which security control baselines are modified by identifying and designating common controls; applying scoping considerations; selecting compensating controls; assigning specific values to agency-defined control parameters; supplementing baselines with additional controls or control enhancements; and providing additional specification information for control implementation. The tailoring process may also be applied to privacy controls.
Sources:
NIST SP 800-37 Rev. 2 from OMB Circular A-130 (2016)
The process by which a security control baseline is modified based on (i) the application of scoping guidance, (ii) the specification of compensating security controls, if needed, and (iii) the specification of organization-defined parameters in the security controls via explicit assignment and selection statements.
Sources:
CNSSI 4009-2015
Similar in concept to tailoring baselines as described in SP 800-53, a cooperative process that modifies part of a set of assessment elements by: (i) changing the scope of the assessment or risk management level, (ii) adding or eliminating assessment elements, or (iii) modifying the attributes of an assessment element.
Sources:
NIST SP 800-137A
The process by which security control baselines are modified by: identifying and designating common controls, applying scoping considerations on the applicability and implementation of baseline controls, selecting compensating security controls, assigning specific values to organization-defined security control parameters, supplementing baselines with additional security controls or control enhancements, and providing additional specification information for control implementation.
Sources:
NIST SP 800-53 Rev. 5
NIST SP 800-53A Rev. 5 from NIST SP 800-53B
The process by which security and privacy control baselines are modified by identifying and designating common controls, applying scoping considerations on the applicability and implementation of baseline controls, selecting compensating controls, assigning specific values to organization-defined control parameters, supplementing baselines with additional controls or control enhancements, and providing additional specification information for control implementation.
Sources:
NIST SP 800-53B
An element that specifies profiles to modify the behavior of a benchmark; the top-level element of a tailoring document.
Sources:
NISTIR 7275 Rev. 4 under Tailoring
The process by which a security control baseline is modified based on:
(i) the application of scoping guidance;
(ii) the specification of compensating security controls, if needed; and
(iii) the specification of organization-defined parameters in the security controls via explicit assignment and selection statements.
Sources:
NISTIR 8170 under Tailoring from CNSSI 4009