PLEASE NOTE: The following Telework webpages have been placed in ARCHIVED status.
These Telework project webpages should be used FOR HISTORICAL PURPOSES ONLY. This project has been placed into ARCHIVED STATUS because the content on these Telework pages is out of date. The content provided here is from the NIST Special Publication 800-53 Revision 3 guideline, which has been superseded by Special Publication 800-53 Revision 4 (the current supporting guideline). The NIST Computer Security Division is working to provide updates to this project. There is no target date for when this project page will be completed with updates.
The major controls in the NIST Special Publication 800-53 Revision 3, Recommended Security Controls for Federal Information Systems control catalog that impact telework are:
AC-4, Information Flow Enforcement;
Related controls: AC-17, AC-19, AC-21, CM-7, SA-8, SC-2, SC-5, SC-7, SC-18
AC-17, Remote Access;
Related controls: AC-3, AC-18, AC-20, IA-2, IA-3, IA-8, MA-4;
References: NIST Special Publications 800-46, 800-77, 800-113, 800-114, 800-121
AC-18, Wireless Access;
Related controls: AC-3, IA-2, IA-3, IA-8;
References: NIST Special Publications 800-48, 800-94, 800-97
AC-19, Access Control for Mobile Devices;
Related controls: MP-4, MP-5;
References: NIST Special Publications 800-114, 800-124
AC-21, User-Based Collaboration and Information Sharing;
Related control: AC-3
AU-2, Auditable Events;
Related control: AU-3;
References: NIST Special Publication 800-92; Web: csrc.nist.rip
CA-2, Security Assessments;
Related controls: CA-6, CA-7, PM-9, SA-11;
References: FIPS Publication 199; NIST Special Publications 800-37, 800-53A, 800-115
CA-5, Plan of Action and Milestones;
Related control: PM-4;
References: OMB Memorandum 02-01; NIST Special Publication 800-37
CA-6, Security Authorization;
Related controls: CA-2, CA-7, PM-9, PM-10;
References: OMB Circular A-130; NIST Special Publication 800-37
CA-7, Continuous Monitoring;
Related controls: CA-2, CA-5, CA-6, CM-3, CM-4;
References: NIST Special Publications 800-37, 800-53A; US-CERT Technical Cyber Security Alerts; DOD Information Assurance Vulnerability Alerts
CM-6, Configuration Settings;
Related controls: CM-2, CM-3, SI-4;
References: OMB Memorandum 07-11, 07-18, 08-22; NIST Special Publications 800-70, 800-128; Web: nvd.nist.gov; www.nsa.gov
CM-7, Least Functionality;
Related control: RA-5
IA-1, Identification and Authentication Policy and Procedures;
Related control: PM-9;
References: FIPS Publication 201; NIST Special Publications 800-12, 800-63, 800-73, 800-76, 800-78, 800-100
IA-2, Identification and Authentication (Organizational Users);
Related controls: AC-14, AC-17, AC-18, IA-4, IA-5;
References: HSPD 12; OMB Memorandum 04-04; FIPS Publication 201; NIST Special Publications 800-63, 800-73, 800-76, 800-78
IA-3, Device Identification and Authentication;
Related controls: AC-17, AC-18
IA-5, Authenticator Management;
Related controls: AC-2, IA-2, PL-4, PS-6;
References: OMB Memorandum 04-04; FIPS Publication 201; NIST Special Publications 800-73, 800-63, 800-76, 800-78
IA-8, Identification and Authentication (Non-Organizational Users);
Related controls: AC-14, AC-17, AC-18, MA-4;
References: OMB Memorandum 04-04; Web: www.cio.gov/eauthentication; NIST Special Publication 800-63
IR-3, Incident Response Testing and Exercises;
Related control: AT-2;
References: NIST Special Publications 800-84, 800-115
IR-4, Incident Handling;
Related controls: AU-6, CP-2, IR-2, IR-3, PE-6, SC-5, SC-7, SI-3, SI-4, SI-7;
References: NIST Special Publication 800-61
MA-3, Maintenance Tools;
Related control: MP-6;
References: NIST Special Publication 800-88
MA-4, Non-Local Maintenance;
Related controls: AC-2, AC-3, AC-6, AC-17, AU-2, AU-3, IA-2, IA-8, MA-5, MP-6, SC-7;
References: FIPS Publications 140-2, 197, 201; NIST Special Publications 800-63, 800-88; CNSS Policy 15
MA-6, Timely Maintenance;
Related control: CP-2
MP-2, Media Access;
Related controls: MP-4, PE-3;
References: FIPS Publication 199; NIST Special Publication 800-111
MP-4, Media Storage;
Related controls: AC-3, AC-19, CP-6, CP-9, MP-2, PE-3;
References: FIPS Publication 199; NIST Special Publications 800-56, 800-57, 800-111
MP-6, Media Sanitization;
References: FIPS Publication 199; NIST Special Publications 800-60, 800-88; (Web: https://www.nsa.gov/ia/mitigation_guidance/media_destruction_guidance/index.shtml)
PE-17, Alternate Work Site;
References: NIST Special Publication 800-46
PM-1, Information Security Program Plan;
Related control: PM-8
PM-4, Plan of Action and Milestones Process;
Related control: CA-5;
References: OMB Memorandum 02-01; NIST Special Publication 800-37
RA-5, Vulnerability Scanning;
Related controls: CA-2, CM-6, RA-3, SI-2;
References: NIST Special Publications 800-40, 800-70, 800-115; Web: cwe.mitre.org; nvd.nist.gov
SA-4, Acquisitions;
References: ISO/IEC 15408; FIPS 140-2; NIST Special Publications 800-23, 800-35, 800-36, 800-64, 800-70; Web: www.niap-ccevs.org
SA-13, Trustworthiness;
Related controls: RA-2, SA-4, SA-8, SC-3;
References: FIPS Publications 199, 200; NIST Special Publications 800-53, 800-53A, 800-60, 800-64
SC-2, Application Partitioning;
SC-7, Boundary Protection;
Related controls: AC-4, IR-4, SC-5;
References: FIPS Publication 199; NIST Special Publications 800-41, 800-77
SC-8, Transmission Integrity;
Related controls: AC-17, PE-4;
References: FIPS Publications 140-2, 197; NIST Special Publications 800-52, 800-77, 800-81, 800-113; NSTISSI No. 7003
SC-9, Transmission Confidentiality;
Related controls: AC-17, PE-4;
References: FIPS Publications 140-2, 197; NIST Special Publications 800-52, 800-77, 800-113; CNSS Policy 15; NSTISSI No. 7003
SC-17, Public Key Infrastructure Certificates;
References: OMB Memorandum 05-24; NIST Special Publications 800-32, 800-63
SC-18, Mobile Code;
References: NIST Special Publication 800-28; DOD Instruction 8552.01
SC-20, Secure Name / Address Resolution Service (Authoritative Source);
References: OMB Memorandum 08-23; NIST Special Publication 800-81
SC-21, Secure Name / Address Resolution Service (Recursive or Caching Resolver);
Reference: NIST Special Publication 800-81
SC-22, Architecture and Provisioning for Name / Address Resolution Service;
Reference: NIST Special Publication 800-81
SC-23, Session Authenticity;
References: NIST Special Publications 800-52, 800-77, 800-95
SC-28, Protection of Information at Rest;
References: NIST Special Publications 800-56, 800-57, 800-111
SI-2, Flaw Remediation;
Related controls: CA-2, CA-7, CM-3, MA-2, IR-4, RA-5, SA-11, SI-11;
Reference: NIST Special Publication 800-40
SI-3, Malicious Code Protection;
Related controls: SA-4, SA-8, SA-12, SA-13, SI-4, SI-7;
Reference: NIST Special Publication 800-83
SI-4, Information System Monitoring;
Related controls: AC-4, AC-8, AC-17, AU-2, AU-6, SI-3, SI-7;
References: NIST Special Publications 800-61, 800-83, 800-92, 800-94
SI-5, Security Alerts, Advisories, and Directives;
Reference: NIST Special Publication 800-40
SI-8, Spam Protection;
Related controls: SC-5, SI-3;
Reference: NIST Special Publication 800-45
Special Publication (SP) 800-124 Revision 1, Guidelines on Cell Phone and PDA Security
Special Publication (SP) 800-127, Guide to Securing WiMAX Wireless Communications
Special Publication (SP) 800-123, Guide to General Server Security
Special Publication (SP) 800-121 Revision 1, Guide to Bluetooth Security
Draft Special Publication (SP) 800-118, Guide to Enterprise Password Management
Special Publication (SP) 800-115, Technical Guide to Information Security Testing and Assessment
Special Publication (SP) 800-113, Guide to SSL VPNs
Special Publication (SP) 800-111, Guide to Storage Encryption Technologies for End User Devices
Special Publication (SP) 800-94, Guide to Intrusion Detection and Prevention Systems (IDPS)
Special Publication (SP) 800-92, Guide to Computer Security Log Management
Special Publication (SP) 800-88 Revision 1, Guidelines for Media Sanitization
Special Publication (SP) 800-81-2, Secure Domain Name System (DNS) Deployment Guide
Special Publication (SP) 800-77, Guide to IPsec VPNs
Special Publication (SP) 800-63-2, E-Authentication Guideline
Special Publication (SP) 800-54, Border Gateway Protocol Security
Special Publication (SP) 800-48 Revision 1, Guide to Securing Legacy IEEE 802.11 Wireless Networks
Special Publication (SP) 800-46 Revision 1, Guide to Enterprise Telework and Remote Access Security
Special Publication (SP) 800-41 Revision 1, Guidelines on Firewalls and Firewall Policy
Special Publication (SP) 800-40 Revision 3, Creating a Patch and Vulnerability Management Program
Special Publication (SP) 800-28 Version 2, Guidelines on Active Content and Mobile Code