Radack, S.
(2007),
Security Controls for Information Systems: Revised Guidelines Issued by NIST, ITL Bulletin, National Institute of Standards and Technology, Gaithersburg, MD, [online], https://tsapps.nist.gov/publication/get_pdf.cfm?pub_id=51110
(Accessed April 26, 2024)
Official websites use .gov
A .gov website belongs to an official government organization in the United States.
Secure .gov websites use HTTPS
A lock (
) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.
Security Controls for Information Systems: Revised Guidelines Issued by NIST
Published
Author(s)
Abstract
This bulletin summarizes the information provided in NIST SP 800-53, concerning the guidance developed for federal agencies in selecting and specifying security controls for their information systems. The bulletin discusses the contents of SP 800-53 and its supplemental publications, and explains how to gain access to the guidance. Topics covered in the bulletin include: how security controls should be selected and used as part of a well-defined and documented information security program; the requirements of the Federal Information Security Management Act (FISMA) and the standards and guidelines developed by NIST under the FISMA; the risk management approach to selecting controls as part of an organization¿s information security program; the tailoring guidance introduced in the guide to give federal agencies flexibility in responding to known threats and in taking action on agency-identified risks. References are provided to NIST publications that support the risk management process and the selection, implementation, and assessment of security controls.Citation
ITL Bulletin -
NIST Pub Series
Pub Type
NIST Pubs
Download Paper
Keywords
Federal Information Security Management Act, FIPS, information security, information systems, minimum security requirements, risk management, security controls
Citation
Created January 31, 2007, Updated January 27, 2020