Publication Citation: Guide for Assessing the Security Controls in Federal Information Systems: Building Effective Security Assessment Plans (NIST SP 800-53A)

Author(s): Ronald S. Ross; L A. Johnson; Stuart W. Katzke; Patricia R. Toth; G. Stoneburner; G Rogers
Title: Guide for Assessing the Security Controls in Federal Information Systems: Building Effective Security Assessment Plans (NIST SP 800-53A)
Published: July 01, 2008
Abstract: [Superseded by NIST SP 800-53A, Rev. 1 (June 2010): http://www.nist.gov/manuscript-publication-search.cfm?pub_id=906065] The purpose of NIST Special Publication 800-53A is to provide guidelines for building effective security assessment plans and procedures to enable the assessment of security controls employed in information systems supporting the executive agencies of the federal government. Organizations should use this publication in conjunction with an approved system security plan to create a viable security assessment plan for producing and compiling the information necessary to determine the effectiveness of the security controls employed within the information system. The assessment procedures should be used as a starting point for and as input to the security assessment. SP 800-53A guidelines are applicable to all federal information systems other than those systems designated as national security systems as defined in 44 U.S.C., Section 3542. The guidelines have been broadly developed from a technical perspective to complement similar guidelines for national security systems. This publication is intended to serve a diverse group of information system and information security professionals, including individuals with information system and security management and oversight responsibilities, integration responsibilities, operational responsibilities, and security assessment and monitoring responsibilities.
Citation: NIST SP - 800-53
Keywords: FISMA, security controls, risk management, categorization, security assessment plans, penetration testing
Research Areas: Cybersecurity