Security Controls for Information Systems: Revised Guidelines Issued by NIST

Published

Author(s)

Shirley M. Radack

Abstract

This bulletin summarizes the information provided in NIST SP 800-53 concerning the guidance developed for federal agencies in selecting and specifying security controls for their information systems. The bulletin discusses the contents of SP 800-53 and its supplemental publications, and explains how to gain access to the guidance. Topics covered in the bulletin include: how security controls should be selected and used as part of a well-defined and documented information security program; the requirements of the Federal Information Security Management Act (FISMA) and the standards and guidelines developed by NIST under the FISMA; the risk management approach to selecting controls as part of an organization's information security program; and the tailoring guidance introduced in the guide to give federal agencies flexibility in responding to known threats and in taking action on agency-identified risks. References are provided to NIST publications that support the risk management process and the selection, implementation, and assessment of security controls.
Citation
ITL Bulletin -

Keywords

Federal Information Security Management Act, FIPS, information security, information systems, minimum security requirements, risk management, security controls

Citation

Radack, S. (2007), Security Controls for Information Systems: Revised Guidelines Issued by NIST, ITL Bulletin, National Institute of Standards and Technology, Gaithersburg, MD, [online], https://tsapps.nist.gov/publication/get_pdf.cfm?pub_id=51110 (Accessed October 14, 2025)

Issues

If you have any questions about this publication or are having problems accessing it, please contact [email protected].

Created January 31, 2007, Updated January 27, 2020