U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.


Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

NISTIR 8011 Vol. 1

Automation Support for Security Control Assessments: Volume 1: Overview

Date Published: June 2017


Kelley Dempsey (NIST), Paul Eavy (DHS), George Moore (APL)



actual state; assessment; assessment boundary; assessment method; authorization boundary; automated security control assessment; automation; capability; continuous diagnostics and mitigation; information security continuous monitoring; dashboard; defect; defect check; desired state specification; ISCM dashboard; mitigation; ongoing assessment; root cause analysis; security automation; security capability; security control; security control assessment; security control item
Control Families

Audit and Accountability; Assessment, Authorization and Monitoring; Risk Assessment


NISTIR 8011 Vol. 1 (DOI)
Local Download

Supplemental Material:
None available

Other Parts of this Publication:
NISTIR 8011 Vol. 2
NISTIR 8011 Vol. 3
NISTIR 8011 Vol. 4

Related NIST Publications:
SP 800-53A Rev. 4
SP 800-53 Rev. 4

Document History:
02/02/16: NISTIR 8011 Vol. 1 (Draft)
06/06/17: NISTIR 8011 Vol. 1 (Final)