Skip to main content
U.S. flag

An official website of the United States government

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

Recommended Security Controls for Federal Information Systems [includes updates through 6/17/05]

Published

Author(s)

Ronald S. Ross, Stuart W. Katzke, L A. Johnson, Marianne M. Swanson, G Stoneburner, G Rogers

Abstract

[Superseded by NIST SP 800-53 Revision 1 (December 2006): http://www.nist.gov/manuscript-publication-search.cfm?pub_id=50945] The purpose of this publication is to provide guidelines for selecting and specifying security controls for information systems supporting the executive agencies of the federal government. The guidelines have been developed to help achieve more secure information systems within the federal government by: (i) facilitating a more consistent, comparable, and repeatable approach for selecting and specifying security controls for information systems; (ii) providing a recommendation for minimum security controls for information systems categorized in accordance with Federal Information Processing Standards (FIPS) 199, Standards for Security Categorization of Federal Information and Information Systems; (iii) promoting a dynamic, extensible catalog of security controls for information systems to meet the demands of changing requirements and technologies; and (iv) creating a foundation for the development of assessment methods and procedures for determining security control effectiveness. The guidelines provided in this special publication are applicable to all federal information systems other than those systems designated as national security systems as defined in 44 U.S.C., Section 3542. The guidelines have been broadly developed from a technical perspective to complement similar guidelines for national security systems. This publication is intended to provide guidance to federal agencies until the publication of FIPS 200, Minimum Security Controls for Federal Information Systems. [Supersedes NIST SP 800-53 (February 2005 w/updates thorugh 4/22/05): http://www.nist.gov/manuscript-publication-search.cfm?pub_id=918658]
Citation
Special Publication (NIST SP) - 800-53
Report Number
800-53

Keywords

accreditation, assurance requirements, common security controls, information technology, operational controls, organizational responsibilities, risk assessment, security controls, technical controls

Citation

Ross, R. , Katzke, S. , Johnson, L. , Swanson, M. , Stoneburner, G. and Rogers, G. (2005), Recommended Security Controls for Federal Information Systems [includes updates through 6/17/05], Special Publication (NIST SP), National Institute of Standards and Technology, Gaithersburg, MD (Accessed December 2, 2024)

Issues

If you have any questions about this publication or are having problems accessing it, please contact reflib@nist.gov.

Created June 17, 2005, Updated February 19, 2017