Abstract
[Superseded by SP 800-37 Rev. 1 (February 2010):
http://www.nist.gov/manuscript-publication-search.cfm?pub_id=904985] The purpose of this publication is to provide guidelines for the security certification and accreditation of information systems supporting the executive agencies of the federal government. The guidelines have been developed to help achieve more secure information systems within the federal government by: i) enabling more consistent, comparable, and repeatable assessments of security controls in federal information systems; ii) promoting a better understanding of agency-related mission risks resulting from the operation of information systems; and iii) creating more complete, reliable, and trustworthy information for authorizing officials--to facilitate more informed security accreditation decisions.