[Superseded by SP 800-18 Revision 1 (February 2006): http://www.nist.gov/manuscript-publication-search.cfm?pub_id=150601
] Today's rapidly changing technical environment requires federal agencies to adopt a minimum set of management controls to protect their information technology (IT) resources. These management controls are directed at individual information technology users in order to reflect the distributed nature of today's technology. Technical and operational controls support management controls. To be effective, these controls all must interrelate. This document provides a guideline for federal agencies to follow when developing the security plans that document the management, technical, and operational controls for federal automated information systems.