Skip to main content
U.S. flag

An official website of the United States government

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

Assessing Security and Privacy Controls in Federal Information Systems and Organizations: Building Effective Assessment Plans

Published

Author(s)

Ronald S. Ross

Abstract

[Superseded by SP 800-53A Rev. 5 (January 2022): https://tsapps.nist.gov/publication/get_pdf.cfm?pub_id=933932] This publication provides a set of procedures for conducting assessments of security controls and privacy controls employed within federal information systems and organizations. The assessment procedures, executed at various phases of the system development life cycle, are consistent with the security and privacy controls in NIST Special Publication 800-53, Revision 4. The procedures are customizable and can be easily tailored to provide organizations with the needed flexibility to conduct security control assessments and privacy control assessments that support organizational risk management processes and that are aligned with the stated risk tolerance of the organization. Information on building effective security assessment plans and privacy assessment plans is also provided along with guidance on analyzing assessment results. [Supersedes SP 800-53A Rev. 1 (June 2010): http://www.nist.gov/manuscript-publication-search.cfm?pub_id=906065]
Citation
Special Publication (NIST SP) - 800-53A Rev 4
Report Number
800-53A Rev 4

Keywords

Assessment, assurance, E-Government Act, FISMA, Privacy Act, privacy controls, privacy requirements, Risk Management Framework, security controls, security requirements.

Citation

Ross, R. (2014), Assessing Security and Privacy Controls in Federal Information Systems and Organizations: Building Effective Assessment Plans, Special Publication (NIST SP), National Institute of Standards and Technology, Gaithersburg, MD, [online], https://doi.org/10.6028/NIST.SP.800-53Ar4 (Accessed March 28, 2024)
Created December 10, 2014, Updated January 26, 2022