U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

NISTIR 8011 Vol. 1

Automation Support for Security Control Assessments: Volume 1: Overview

Date Published: June 2017

Planning Note (2/22/2023):

The NIST Risk Management Framework (RMF) team seeks feedback on our NIST IR 8011 series publications and their use.

See the Call for Feedback to learn more details about what we would like to know. Feedback can be sent to 8011comments@list.nist.gov; there is no closing date.


Author(s)

Kelley Dempsey (NIST), Paul Eavy (DHS), George Moore (APL)

Abstract

Keywords

assessment; assessment boundary; assessment method; authorization boundary; automated security control assessment; automation; capability; continuous diagnostics and mitigation; information security continuous monitoring; dashboard; defect; defect check; desired state specification; ISCM dashboard; mitigation; ongoing assessment; root cause analysis; security automation; security capability; security control; security control assessment; actual state; security control item
Control Families

Audit and Accountability; Assessment, Authorization and Monitoring; Risk Assessment

Documentation

Publication:
NISTIR 8011 Vol. 1 (DOI)
Local Download

Supplemental Material:
None available

Other Parts of this Publication:
NISTIR 8011 Vol. 2
NISTIR 8011 Vol. 3
NISTIR 8011 Vol. 4

Related NIST Publications:
SP 800-53A Rev. 4
SP 800-53 Rev. 4

Document History:
02/02/16: NISTIR 8011 Vol. 1 (Draft)
06/06/17: NISTIR 8011 Vol. 1 (Final)