Assessing the Effectiveness of Security Controls in Federal Information Systems
Shirley M. Radack
This bulletin summarizes the information presented in NIST Special Publication (SP) 800-53A, Revision 1, Guide for Assessing the Security Controls in Federal Information Systems and Organizations: Building Effective Security Assessment Plans. The revised guide updates an earlier guide for assessing security controls, and describes the fundamental concepts associated with security control assessments. The publication covers the integration of assessments into the system development life cycle; the importance of an organization-wide strategy for conducting security control assessments; the development of assurance cases to help organizational officials determine the effectiveness of security controls and the overall security of the information system; and the format and content of assessment procedures. The guide details the process for assessing the security controls in organizational information systems and their environments of operation. The bulletin discusses the process for the selection and implementation of security controls, and the integration of security controls assessments into the risk management framework. The bulletin also provides links to publications that present additional information on security controls and the risk management framework.
Keywords: assessment procedures, assurance cases, data availability, data confidentiality, data integrity, FISMA, information security, information systems security, risk assessment, risk management, security assessment plans, security controls, security controls assessments, system development life cycle
Citation: Assessing the Effectiveness of Security Controls in Federal Information Systems, ITL Bulletin, National Institute of Standards and Technology, Gaithersburg, MD, [online], https://tsapps.nist.gov/publication/get_pdf.cfm?pub_id=906601 (Accessed April 21, 2021)