Revised Catalog of Security Controls for Federal Information Systems and Organizations: For Use in Both National Security and Nonnational Security Systems

Published

Author(s)

Shirley M. Radack

Abstract

This bulletin summarizes the information presented in NIST Special Publication 800-53, Revision 3, Recommended Security Controls for Federal Information Systems and Organizations, on the catalog of security controls for information systems. These best practices are broad-based and comprehensive safeguards and countermeasures for protecting today's information systems. The publication presents a uniform approach to describing controls for both national security and non-national security applications to help government organizations address advanced cyber threats that can exploit vulnerabilities in federal information systems. The bulletin explains the role of security controls in the risk management process that IT managers apply to balance the operational and economic costs of protective measures for their information and IT systems with the gains in capabilities and improved support of organizational mission that result from the use of efficient protection procedures. Information is provided about how the information on security controls is organized in the publication and how to access NIST standards and guidelines that pertain to security controls.
Citation
ITL Bulletin -

Keywords

Federal Information Processing Standards, Federal Information Security Management Act, FISMA, information security, information system security, minimum security requirements, NIST Special Publications, risk management, Risk Management Framework, security categorization, security controls

Citation

Radack, S. (2009), Revised Catalog of Security Controls for Federal Information Systems and Organizations: For Use in Both National Security and Nonnational Security Systems, ITL Bulletin, National Institute of Standards and Technology, Gaithersburg, MD, [online], https://tsapps.nist.gov/publication/get_pdf.cfm?pub_id=903574 (Accessed March 29, 2024)
Created August 20, 2009, Updated February 19, 2017