@misc{8281,
  author = {Ronald Ross and L Johnson},
  title = {Guide for Assessing the Security Controls in Federal Information Systems and Organizations: Building Effective Security Assessment Plans},
  year = {2010},
  month = {2010-06-29},
  publisher = {Special Publication (NIST SP), National Institute of Standards and Technology, Gaithersburg, MD},
  url = {https://tsapps.nist.gov/publication/get_pdf.cfm?pub_id=906065},
  language = {en},
}