Withdrawn on June 29, 2011.
Security Assessments: Tools for Measuring the Effectiveness of Security Controls
Date Published: August 2008
Author(s)
Shirley Radack (NIST)
This bulletin summarizes information disseminated in NIST Special Publication 800-53A, Guide for Assessing the Security Controls in Federal Information Systems, by Ron Ross, Arnold Johnson, Stu Katzke, and Patricia Toth of NIST, by Gary Stoneburner of the Johns Hopkins University Applied Physics Laboratory, and by George Rogers of BAE Systems. SP 800-53A is a companion guideline to NIST SP 800-53, Recommended Security Controls for Federal Information Systems. Both publications emphasize the use of security control assessments within an effective risk management framework. The bulletin covers the requirements for security controls under the Federal Information Security Management Act (FISMA) of 2002, and the Risk Management Framework, which was developed by NIST and which provides the structure for selecting and assessing security controls. The bulletin also summarizes the activities that NIST recommends organizations conduct to assess the effectiveness of their security controls.
Keywords
FISMA; information systems security; information technology; risk management framework; security assessments; security controls; security plans; security threats; security vulnerabilities
Control Families
None selected
Documentation
Publication:
No Download Available
Supplemental Material:
None available
Document History:
08/21/08: ITL Bulletin (Final)