Security Controls for Information Systems: Revised Guidelines Issued by NIST
Shirley M. Radack
This bulletin summarizes the information provided in NIST SP 800-53 concerning the guidance developed for federal agencies in selecting and specifying security controls for their information systems. The bulletin discusses the contents of SP 800-53 and its supplemental publications, and explains how to gain access to the guidance. Topics covered in the bulletin include: how security controls should be selected and used as part of a well-defined and documented information security program; the requirements of the Federal Information Security Management Act (FISMA) and the standards and guidelines developed by NIST under FISMA; the risk management approach to selecting controls as part of an organization's information security program; and the tailoring guidance introduced in the guide to give federal agencies flexibility in responding to known threats and in taking action on agency-identified risks. References are provided to NIST publications that support the risk management process and the selection, implementation, and assessment of security controls.
Security Controls for Information Systems: Revised Guidelines Issued by NIST, ITL Bulletin, National Institute of Standards and Technology, Gaithersburg, MD, [online], https://tsapps.nist.gov/publication/get_pdf.cfm?pub_id=51110
(Accessed October 4, 2023)