U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

A  |  B  |  C  |  D  |  E  |  F  |  G  |  H  |  I  |  J  |  K  |  L  |  M  |  N  |  O  |  P  |  Q  |  R  |  S  |  T  |  U  |  V  |  W  |  X  |  Y  |  Z

tailoring

Definition(s):

  The process by which a security control baseline is modified based on: (i) the application of scoping guidance; (ii) the specification of compensating security controls, if needed; and (iii) the specification of organization-defined parameters in the security controls via explicit assignment and selection statements.
Source(s):
NIST SP 800-12 Rev. 1 under Tailoring from NIST SP 800-37
NIST SP 800-137 under Tailoring from CNSSI 4009
NIST SP 800-30 Rev. 1 under Tailoring from NIST SP 800-53, CNSSI 4009
NIST SP 800-39 under Tailoring from NIST SP 800-53, CNSSI 4009
NIST SP 800-37 Rev. 1 [Superseded] under Tailoring

  The process by which security control baselines are modified by identifying and designating common controls; applying scoping considerations; selecting compensating controls; assigning specific values to agency-defined control parameters; supplementing baselines with additional controls or control enhancements; and providing additional specification information for control implementation. The tailoring process may also be applied to privacy controls.
Source(s):
NIST SP 800-37 Rev. 2

  The process by which security control baselines are modified by: (i) identifying and designating common controls; (ii) applying scoping considerations on the applicability and implementation of baseline controls; (iii) selecting compensating security controls; (iv) assigning specific values to organization-defined security control parameters; (v) supplementing baselines with additional security controls or control enhancements; and (vi) providing additional specification information for control implementation. [Note: Certain tailoring activities can also be applied to privacy controls.]
Source(s):
NIST SP 800-53A Rev. 4 under Tailoring from NIST SP 800-53

  The process by which a security control baseline is modified based on (i) the application of scoping guidance, (ii) the specification of compensating security controls, if needed, and (iii) the specification of organization-defined parameters in the security controls via explicit assignment and selection statements.
Source(s):
CNSSI 4009-2015 from NIST SP 800-37 Rev. 1

  The process by which assessment procedures defined in Special Publication 800-53A are adjusted, or scoped, to match the characteristics of the information system under assessment, providing organizations with the flexibility needed to meet specific organizational requirements and to avoid overly-constrained assessment approaches.
Source(s):
NIST SP 800-53A Rev. 4 under Tailoring (Assessment Procedures)

  Similar in concept to tailoring baselines as described in SP 800-53, a cooperative process that modifies part of a set of assessment elements by: (i) changing the scope of the assessment or risk management level, (ii) adding or eliminating assessment elements, or (iii) modifying the attributes of an assessment element.
Source(s):
NIST SP 800-137A from NIST SP 800-53 Rev. 4 - Adapted

  The process by which security control baselines are modified by: identifying and designating common controls, applying scoping considerations on the applicability and implementation of baseline controls, selecting compensating security controls, assigning specific values to organization-defined security control parameters, supplementing baselines with additional security controls or control enhancements, and providing additional specification information for control implementation.
Source(s):
NIST SP 800-53 Rev. 5

  The process by which security and privacy control baselines are modified by identifying and designating common controls, applying scoping considerations on the applicability and implementation of baseline controls, selecting compensating controls, assigning specific values to organization-defined control parameters, supplementing baselines with additional controls or control enhancements, and providing additional specification information for control implementation.
Source(s):
NIST SP 800-53B

  An element that specifies profiles to modify the behavior of a benchmark; the top-level element of a tailoring document.
Source(s):
NISTIR 7275 Rev. 4 under Tailoring

  The process by which a security control baseline is modified based on: (i) the application of scoping guidance; (ii) the specification of compensating security controls, if needed; and (iii) the specification of organization-defined parameters in the security controls via explicit assignment and selection statements.
Source(s):
NISTIR 8170 under Tailoring from NIST SP 800-53, CNSSI 4009

  The process by which security control baselines are modified by: (i) identifying and designating common controls; (ii) applying scoping considerations on the applicability and implementation of baseline controls; (iii) selecting compensating security controls; (iv) assigning specific values to organization-defined security control parameters; (v) supplementing baselines with additional security controls or control enhancements; and (vi) providing additional specification information for control implementation.
Source(s):
NIST SP 800-53 Rev. 4 [Superseded] under Tailoring