Publication Citation: Assessing the Effectiveness of Security Controls in Federal Information Systems

Author(s): Shirley M. Radack
Title: Assessing the Effectiveness of Security Controls in Federal Information Systems
Published: August 23, 2010
Abstract: This bulletin summarizes the information presented in NIST Special Publication (SP) 800-53A, Revision 1, Guide for Assessing the Security Controls in Federal Information Systems and Organizations: Building Effective Security Assessment Plans. The revised guide updates an earlier guide for assessing security controls, and describes the fundamental concepts associated with security control assessments. The publication covers the integration of assessments into the system development life cycle; the importance of an organization-wide strategy for conducting security control assessments; the development of assurance cases to help organizational officials determine the effectiveness of security controls and the overall security of the information system; and the format and content of assessment procedures. The guide details the process for assessing the security controls in organizational information systems and their environments of operation. The bulletin discusses the process for the selection and implementation of security controls, and the integration of security controls assessments into the risk management framework. The bulletin also provides links to publications that present additional information on security controls and the risk management framework.
Citation: ITLB -
Pages: 7 pp.
Keywords: assessment procedures, assurance cases, data availability, data confidentiality, data integrity, FISMA, information security, information systems security, risk assessment, risk management, security assessment plans, security controls, security controls assessments, system development life cycle
Research Areas: Information Technology, Computer Security, Cybersecurity
PDF version: PDF Document (41KB)