Withdrawn on December 10, 2015.
Assessing the Effectiveness of Security Controls in Federal Information Systems
Date Published: August 2010
Author(s)
Shirley Radack (NIST)
This bulletin summarizes the information presented in NIST Special Publication (SP) 800-53A, Revision 1, Guide for Assessing the Security Controls in Federal Information Systems and Organizations: Building Effective Security Assessment Plans. The revised guide updates an earlier guide for assessing security controls, and describes the fundamental concepts associated with security control assessments. The publication covers the integration of assessments into the system development life cycle; the importance of an organization-wide strategy for conducting security control assessments; the development of assurance cases to help organizational officials determine the effectiveness of security controls and the overall security of the information system; and the format and content of assessment procedures. The guide details the process for assessing the security controls in organizational information systems and their environments of operation. The bulletin discusses the process for the selection and implementation of security controls, and the integration of security controls assessments into the risk management framework. The bulletin also provides links to publications that present additional information on security controls and the risk management framework.
Keywords
assessment procedures; assurance cases; data availability; data confidentiality; data integrity; FISMA; information security; information systems security; risk assessment; risk management; security assessment plans; security controls; security controls assessments; system development life cycle
Control Families
None selected
Documentation
Publication:
No Download Available
Supplemental Material:
None available
Document History:
08/23/10: ITL Bulletin (Final)