Guide for Assessing the Security Controls in Federal Information Systems: Building Effective Security Assessment Plans

Published

Author(s)

Ronald S. Ross, L A. Johnson, Stuart W. Katzke, Patricia R. Toth, G. Stoneburner, G Rogers

Abstract

[Superseded by NIST SP 800-53A, Rev. 1 (June 2010): http://www.nist.gov/manuscript-publication-search.cfm?pub_id=906065] The purpose of NIST Special Publication 800-53A is to provide guidelines for building effective security assessment plans and procedures to enable the assessment of security controls employed in information systems supporting the executive agencies of the federal government. Organizations should use this publication in conjunction with an approved system security plan to create a viable security assessment plan for producing and compiling the information necessary to determine the effectiveness of the security controls employed within the information system. The assessment procedures should be used as a starting point for and as input to the security assessment. SP 800-53A guidelines are applicable to all federal information systems other than those systems designated as national security systems as defined in 44 U.S.C., Section 3542. The guidelines have been broadly developed from a technical perspective to complement similar guidelines for national security systems. This publication is intended to serve a diverse group of information system and information security professionals, including individuals with information system and security management and oversight responsibilities, integration responsibilities, operational responsibilities, and security assessment and monitoring responsibilities.
Citation
Special Publication (NIST SP) - 800-53A
Report Number
800-53A

Keywords

categorization, FISMA, penetration testing, risk management, security assessment plans, security controls

Citation

Ross, R., Johnson, L., Katzke, S., Toth, P., Stoneburner, G. and Rogers, G. (2008), Guide for Assessing the Security Controls in Federal Information Systems: Building Effective Security Assessment Plans, Special Publication (NIST SP), National Institute of Standards and Technology, Gaithersburg, MD (Accessed January 26, 2022)
Created July 1, 2008, Updated February 19, 2017