NOTICE: Due to a lapse in annual appropriations, most of this website is not being updated. Learn more.
Form submissions will still be accepted but will not receive responses at this time. Sections of this site for programs using non-appropriated funds (such as NVLAP) or those that are excepted from the shutdown (such as CHIPS and NVD) will continue to be updated.
An official website of the United States government
Here’s how you know
Official websites use .gov
A .gov website belongs to an official government organization in the United States.
Secure .gov websites use HTTPS
A lock (
) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.
Automation Support for Control Assessments – Project Update and Vision
Published
Author(s)
Eduardo Takamura, Jeremy Licata, Victoria Yan Pillitteri
Abstract
In 2017, NIST published a methodology for supporting the automation of SP 800-53 control assessments in the form of IR 8011. IR 8011 is a multi-volume series that starts with an overview of the methodology (volume 1) and provides guidance and specifications for automating the assessment of controls that support specific information security continuous monitoring security capabilities, one volume per capability. Four volumes have been released so far, and more volumes are in development. In 2023, the NIST Risk Management Framework project — responsible for the development and maintenance of FISMA-supporting technical publications and the IR 8011 series — performed an internal review of the IR 8011 project. This review yielded results that offered the IR 8011 Development Team opportunities to improve the current IR 8011 methodology, facilitate its adoption, and more. This cybersecurity white paper summarizes some of the findings from this internal review.
Takamura, E.
, Licata, J.
and Pillitteri, V.
(2023),
Automation Support for Control Assessments – Project Update and Vision, OTHER, National Institute of Standards and Technology, Gaithersburg, MD, [online], https://doi.org/10.6028/NIST.CSWP.30, https://tsapps.nist.gov/publication/get_pdf.cfm?pub_id=956740
(Accessed October 13, 2025)