Assessing Security and Privacy Controls in Federal Information Systems and Organizations: Building Effective Assessment Plans

Joint Task Force Transformation Initiative

doi:https://doi.org/10.6028/NIST.SP.800-53Ar4

SP 800-53A Rev. 4

To be withdrawn on January 25, 2023

Assessing Security and Privacy Controls in Federal Information Systems and Organizations: Building Effective Assessment Plans

Documentation Topics

Date Published: December 2014 (Updated 12/18/2014)

Superseded By: SP 800-53A Rev. 5 (01/25/2022)
Supersedes: SP 800-53A Rev. 4 (12/11/2014)

Planning Note (1/25/2022): This publication will be officially withdrawn January 25, 2023, one year after the release of Revision 5.

Author(s)

Joint Task Force Transformation Initiative

Abstract

This publication provides a set of procedures for conducting assessments of security controls and privacy controls employed within federal information systems and organizations. The assessment procedures, executed at various phases of the system development life cycle, are consistent with the security and privacy controls in NIST Special Publication 800-53, Revision 4. The procedures are customizable and can be easily tailored to provide organizations with the needed flexibility to conduct security control assessments and privacy control assessments that support organizational risk management processes and that are aligned with the stated risk tolerance of the organization. Information on building effective security assessment plans and privacy assessment plans is also provided along with guidance on analyzing assessment results.

Keywords

security controls; assurance; E-Government Act; security requirements; assessment; FISMA; Privacy Act; privacy controls; Risk Management Framework; privacy requirements

Control Families

Assessment, Authorization and Monitoring; Program Management; Risk Assessment

Documentation

Publication:
SP 800-53A Rev. 4 (DOI)
Local Download

Supplemental Material:
Word version of SP 800-53A Rev. 4 (12-18-2014) (word)
Downloads (XML, CSV) (web)
Press Release (other)

Related NIST Publications:
SP 800-53 Rev. 4
SP 800-171A
NISTIR 8011 Vol. 1
NISTIR 8011 Vol. 2
NISTIR 8011 Vol. 3

Document History:
12/18/14: SP 800-53A Rev. 4 (Final)

Topics

Security and Privacy
audit & accountability; privacy; risk management

Laws and Regulations
Federal Information Security Modernization Act