Skip to main content
U.S. flag

An official website of the United States government

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

Security Self-Assessment Guide for Information Technology Systems



Marianne M. Swanson


[Withdrawn December 19, 2007; Superseded by SP 800-53 (Feb. 2005),, and SP 800-53A (July 2008),] Self-assessments provide a method for agency officials to determine the current status of their information security programs and, where necessary, establish a target for improvement. This self-assessment guide utilizes an extensive questionnaire containing specific control objectives and techniques against which an unclassified system or group of interconnected systems can be tested and measured. The guide does not establish new security requirements. The control objectives and techniques are abstracted directly from long-standing requirements found in statute, policy, and guidance on security. This document builds on the Federal IT Security Assessment Framework (Framework) developed by NIST for the Federal Chief Information Officer (CIO) Council. The Framework established the groundwork for standardizing on five levels of security status and criteria agencies could use to determine if the five levels were adequately implemented. This document provides guidance on applying the Framework by identifying 17 control areas, such as those pertaining to identification and authentication and contingency planning. In addition, the guide provides control objectives and techniques that can be measured for each area.
Special Publication (NIST SP) - 800-26
Report Number


ASSET, Automated Security Self-Evaluation Tool, security assessment


Swanson, M. (2001), Security Self-Assessment Guide for Information Technology Systems, Special Publication (NIST SP), National Institute of Standards and Technology, Gaithersburg, MD (Accessed July 17, 2024)


If you have any questions about this publication or are having problems accessing it, please contact

Created November 1, 2001, Updated February 19, 2017