[an error occurred while processing this directive]

TELEWORK
(Archived: Historical use only)

PLEASE NOTE:	The following Telework webpages have been placed in ARCHIVED Status.
This project (Telework) webpages should be used FOR HISTORICAL PURPOSES ONLY. This project has been placed into ARCHIVED STATUS for the content on these Telework pages are out -of-date. The content provided here are from the NIST Special Publication 800-53 Revision 3 guideline, which has been superseded by Special Publication 800 53 Revision 4 (Current supporting guideline). NIST Computer Security Division is working to provide updates to this project. there is no target date when this project page will be completed with updates

PLEASE NOTE:

The following Telework webpages have been placed in ARCHIVED Status.

This project (Telework) webpages should be used FOR HISTORICAL PURPOSES ONLY. This project has been placed into ARCHIVED STATUS for the content on these Telework pages are out -of-date. The content provided here are from the NIST Special Publication 800-53 Revision 3 guideline, which has been superseded by Special Publication 800 53 Revision 4 (Current supporting guideline). NIST Computer Security Division is working to provide updates to this project. there is no target date when this project page will be completed with updates

Supporting NIST 800-53 Revision 3 Security Controls and Publications

The major controls in the NIST Special Publication 800-53 Revision 3, Recommended Security Controls for Federal Information Systems control catalog that impact telework are:

AC

AC-4, Information Flow Enforcement;
Related controls: AC-17, AC-19, AC-21, CM-7, SA-8, SC-2, SC-5, SC-7, SC-18

AC-17, Remote Access;
Related controls: AC-3, AC-18, AC-20, IA-2, IA-3, IA-8, MA-4;
References: NIST Special Publications 800-46, 800-77, 800-113, 800-114, 800-121

AC-18, Wireless Access;
Related controls: AC-3, IA-2, IA-3, IA-8);
References: NIST Special Publications 800-48, 800-94, 800-97

AC-19, Access Control for Mobile Devices;
Related controls: MP-4, MP-5;
References: NIST Special Publications 800-114, 800-124

AC-21, User-Based Collaboration and Information Sharing;
Related control: AC-3

AU

AU-2, Auditable Events;
Related control: AU-3;
References: NIST Special Publications 800-92; Web: csrc.nist.rip

CA

CA-2, Security Assessments;
Related controls: CA-6, CA-7, PM-9, SA-11;
References: FIPS Publication 199; NIST Special Publications 800-37, 800-53A, 800-115

CA-5, Plan of Action and Milestones;
Related control: PM-4;
References: OMB Memorandum 02-01; NIST Special Publication 800-37

CA-6, Security Authorization;
Related controls: CA-2, CA-7, PM-9, PM-10;
References: OMB Circular A-130; NIST Special Publication 800-37

CA-7, Continuous Monitoring;
Related controls: CA-2, CA-5, CA-6, CM-3, CM-4;
References: NIST Special Publications 800-37, 800-53A; US-CERT Technical Cyber Security Alerts; DOD Information Assurance Vulnerability Alerts

CM

CM-6, Configuration Settings;
Related controls: CM-2, CM-3, SI-4;
References: OMB Memorandum 07-11, 07-18, 08-22; NIST Special Publications 800-70, 800-128; Web: nvd.nist.gov; www.nsa.gov)

CM-7, Least Functionality;
Related controls: RA-5;

IA

IA-1, Identification and Authentication Policy and Procedures;
Related control: PM-9;
References: FIPS Publication 201; NIST Special Publications 800-12, 800-63, 800-73, 800-76, 800-78, 800-100

IA-2, Identification and Authentication (Organizational Users);
Related controls: AC-14, AC-17, AC-18, IA-4, IA-5;
References: HSPD 12; OMB Memorandum 04-04; FIPS Publication 201; NIST Special Publications 800-63, 800-73, 800-76, 800-78

IA-3, Device Identification and Authentication;
Related controls: AC-17, AC-18

IA-5, Authenticator Management;
Related controls: AC-2, IA-2, PL-4, PS-6;
References: OMB Memorandum 04-04; FIPS Publication 201; NIST Special Publications 800-73, 800-63, 800-76, 800-78

IA-8, Identification and Authentication (Non-Organizational Users);
Related controls: AC-14, AC-17, AC-18, MA-4;
References: OMB Memorandum 04-04; Web: www.cio.gov/eauthentication; NIST Special Publication 800-63

IR

IR-3, Incident Response Testing and Exercises;
Related control: AT-2;
References: NIST Special Publications 800-84, 800-115

IR-4, Incident Handling;
Related controls: AU-6, CP-2, IR-2, IR-3, PE-6, SC-5, SC-7, SI-3, SI-4, SI-7;
References: NIST Special Publication 800-61

MA

MA-3, Maintenance Tools;
Related control: MP-6;
References: NIST Special Publication 800-88

MA-4, Non-Local Maintenance;
Related Controls: AC-2, AC-3, AC-6, AC-17, AU-2, AU-3, IA-2, IA-8, MA-5, MP-6, SC-7);
References: FIPS Publications 140-2, 197, 201; NIST Special Publications 800-63, 800-88; CNSS Policy 15

MA-6, Timely Maintenance;
Related control: CP-2

MP

MP-2, Media Access;
Related controls: MP-4, PE-3;
References: FIPS Publication 199; NIST Special Publication 800-111

MP-4, Media Storage;
Related controls: AC-3, AC-19, CP-6, CP-9, MP-2, PE-3;
References: FIPS Publication 199; NIST Special Publications 800-56, 800-57, 800-111

MP-6, Media Sanitization;
References: FIPS Publication 199; NIST Special Publications 800-60, 800-88; (Web: https://www.nsa.gov/ia/mitigation_guidance/media_destruction_guidance/index.shtml)

PE

PE-17, Alternate Work Site;
References: NIST Special Publication 800-46

PM

PM-1, Information Security Program Plan;
Related control: PM-8

PM-4, Plan of Action and Milestones Process;
Related control: CA-5;
References: OMB Memorandum 02-01; NIST Special Publication 800-37

RA

RA-5, Vulnerability Scanning;
Related controls: CA-2, CM-6, RA-3, SI-2;
References: NIST Special Publications 800-40, 800-70, 800-115; Web: cwe.mitre.org; nvd.nist.gov

SA

SA-4, Acquisitions;
References: ISO/IEC 15408; FIPS 140-2; NIST Special Publications 800-23, 800-35, 800-36, 800-64, 800-70; Web: www.niap-ccevs.org)

SA-13, Trustworthiness;
Related controls: RA-2, SA-4, SA-8, SC-3;
References: FIPS Publications 199, 200; NIST Special Publications 800-53, 800-53A, 800-60, 800-64

SC

SC-2, Application Partitioning;

SC-7, Boundary Protection;
Related controls: AC-4, IR-4, SC-5;
References: FIPS Publication 199; NIST Special Publications 800-41, 800-77

SC-8, Transmission Integrity;
Related controls: AC-17, PE-4;
References: FIPS Publications 140-2, 197; NIST Special Publications 800-52, 800-77, 800-81, 800-113; NSTISSI No. 7003

SC-9, Transmission Confidentiality;
Related controls: AC-17, PE-4;
References: FIPS Publications 140-2, 197; NIST Special Publications 800-52, 800-77, 800-113; CNSS Policy 15; NSTISSI No. 7003

SC-17, Public Key Infrastructure Certificates;
References: OMB Memorandum 05-24; NIST Special Publications 800-32, 800-63

SC-18, Mobile Code;
References: NIST Special Publication 800-28; DOD Instruction 8552.01

SC-20, Secure Name / Address Resolution Service (Authoritative Source);
References: OMB Memorandum 08-23; NIST Special Publication 800-81

SC-21, Secure Name / Address Resolution Service (Recursive or Caching Resolver);
Reference: NIST Special Publication 800-81

SC-22, Architecture and Provisioning for Name / Address Resolution Service;
Reference: NIST Special Publication 800-81

SC-23, Session Authenticity;
References: NIST Special Publications 800-52, 800-77, 800-95

SC-28, Protection of Information at Rest;
References: NIST Special Publications 800-56, 800-57, 800-111

SI

SI-2, Flaw Remediation;
Related controls: CA-2, CA-7, CM-3, MA-2, IR-4, RA-5, SA-11, SI-11;
Reference: NIST Special Publication 800-40

SI-3, Malicious Code Protection;
Related controls: SA-4, SA-8, SA-12, SA-13, SI-4, SI-7;
Reference: NIST Special Publication 800-83

SI-4, Information System Monitoring;
Related controls: AC-4, AC-8, AC-17, AU-2, AU-6, SI-3, SI-7
References::NIST Special Publications 800-61, 800-83, 800-92, 800-94

SI-5, Security Alerts, Advisories, and Directives;
Reference: NIST Special Publication 800-40

SI-8, Spam Protection;
Related controls: SC-5, SI-3;
Reference: NIST Special Publication 800-45