Date Published: December 2014 (Updated 12/18/2014)
Supersedes:
SP 800-53A Rev. 4 (12/11/2014)
Planning Note (5/25/2018):
See the current publishing schedule.
Author(s)
Joint Task Force Transformation Initiative
This publication provides a set of procedures for conducting assessments of security controls and privacy controls employed within federal information systems and organizations. The assessment procedures, executed at various phases of the system development life cycle, are consistent with the security and privacy controls in NIST Special Publication 800-53, Revision 4. The procedures are customizable and can be easily tailored to provide organizations with the needed flexibility to conduct security control assessments and privacy control assessments that support organizational risk management processes and that are aligned with the stated risk tolerance of the organization. Information on building effective security assessment plans and privacy assessment plans is also provided along with guidance on analyzing assessment results.
This publication provides a set of procedures for conducting assessments of security controls and privacy controls employed within federal information systems and organizations. The assessment procedures, executed at various phases of the system development life cycle, are consistent with the...
See full abstract
This publication provides a set of procedures for conducting assessments of security controls and privacy controls employed within federal information systems and organizations. The assessment procedures, executed at various phases of the system development life cycle, are consistent with the security and privacy controls in NIST Special Publication 800-53, Revision 4. The procedures are customizable and can be easily tailored to provide organizations with the needed flexibility to conduct security control assessments and privacy control assessments that support organizational risk management processes and that are aligned with the stated risk tolerance of the organization. Information on building effective security assessment plans and privacy assessment plans is also provided along with guidance on analyzing assessment results.
Hide full abstract
Keywords
privacy controls; privacy requirements; Risk Management Framework; security controls; assurance; E-Government Act; security requirements; assessment; Privacy Act; FISMA
Control Families
Assessment, Authorization and Monitoring; Program Management; Risk Assessment
) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.
