Computer Security Resource Center

tailoring

Abbreviation(s) and Synonym(s):

None

Definition(s):

  The process by which a security control baseline is modified based on: (i) the application of scoping guidance; (ii) the specification of compensating security controls, if needed; and (iii) the specification of organization-defined parameters in the security controls via explicit assignment and selection statements.
Source(s):
NIST SP 800-37 Rev. 1 under Tailoring
NIST SP 800-12 Rev. 1 under Tailoring (NIST SP 800-37)
NIST SP 800-137 under Tailoring (CNSSI 4009)
NIST SP 800-30 Rev. 1 under Tailoring (NIST SP 800-53, CNSSI 4009)
NIST SP 800-39 under Tailoring (NIST SP 800-53, CNSSI 4009)

  The process by which security control baselines are modified by: (i) identifying and designating common controls; (ii) applying scoping considerations on the applicability and implementation of baseline controls; (iii) selecting compensating security controls; (iv) assigning specific values to organization-defined security control parameters; (v) supplementing baselines with additional security controls or control enhancements; and (vi) providing additional specification information for control implementation.
Source(s):
NIST SP 800-53 Rev. 4 under Tailoring

  The process by which security control baselines are modified by: (i) identifying and designating common controls; (ii) applying scoping considerations on the applicability and implementation of baseline controls; (iii) selecting compensating security controls; (iv) assigning specific values to organization-defined security control parameters; (v) supplementing baselines with additional security controls or control enhancements; and (vi) providing additional specification information for control implementation. [Note: Certain tailoring activities can also be applied to privacy controls.]
Source(s):
NIST SP 800-53A Rev. 4 under Tailoring (NIST SP 800-53)

  The process by which assessment procedures defined in Special Publication 800-53A are adjusted, or scoped, to match the characteristics of the information system under assessment, providing organizations with the flexibility needed to meet specific organizational requirements and to avoid overly-constrained assessment approaches.
Source(s):
NIST SP 800-53A Rev. 4 under Tailoring (Assessment Procedures)

  The process by which a security control baseline is modified based on (i) the application of scoping guidance, (ii) the specification of compensating security controls, if needed, and (iii) the specification of organization-defined parameters in the security controls via explicit assignment and selection statements.
Source(s):
CNSSI 4009-2015 (NIST SP 800-37 Rev. 1)

  An element that specifies profiles to modify the behavior of a benchmark; the top-level element of a tailoring document.
Source(s):
NISTIR 7275 Rev. 4 under Tailoring