
Publication Citation: Security and Privacy Controls for Federal Information Systems and Organizations [including updates as of 1/15/2014]

Author(s): Ronald S. Ross
Title: Security and Privacy Controls for Federal Information Systems and Organizations [including updates as of 1/15/2014]
Published: January 15, 2014
Abstract: [Superseded by NIST SP 800-53 Rev. 4 (April 2013 w/ updates through 1/22/15): http://www.nist.gov/manuscript-publication-search.cfm?pub_id=917904] This publication provides a catalog of security and privacy controls for federal information systems and organizations and a process for selecting controls to protect organizational operations (including mission, functions, image, and reputation), organizational assets, individuals, other organizations, and the Nation from a diverse set of threats including hostile cyber attacks, natural disasters, structural failures, and human errors (both intentional and unintentional). The security and privacy controls are customizable and implemented as part of an organization-wide process that manages information security and privacy risk. The controls address a diverse set of security and privacy requirements across the federal government and critical infrastructure, derived from legislation, Executive Orders, policies, directives, regulations, standards, and/or mission/business needs. The publication also describes how to develop specialized sets of controls, or overlays, tailored for specific types of missions/business functions, technologies, or environments of operation. Finally, the catalog of security controls addresses security from both a functionality perspective (the strength of security functions and mechanisms provided) and an assurance perspective (the measures of confidence in the implemented security capability). Addressing both security functionality and assurance helps to ensure that information technology component products and the information systems built from those products using sound system and security engineering principles are sufficiently trustworthy. [Supersedes NIST SP 800-53 Rev. 4 (April 2013 w/ updates through 5/7/13): http://www.nist.gov/manuscript-publication-search.cfm?pub_id=913693]
Citation: Special Publication (NIST SP) - 800-53 Rev 4
Pages: 460 pp.
Keywords: assurance, computer security, FIPS Publication 199, FIPS Publication 200, FISMA, Privacy Act, Risk Management Framework, security controls, security requirements
Research Areas: Information Technology, Computer Security