
TELEWORK
(Archived: Historical use only)

 
PLEASE NOTE: The following Telework webpages have been placed in ARCHIVED Status.

The webpages for this project (Telework) should be used FOR HISTORICAL PURPOSES ONLY. This project has been placed into ARCHIVED STATUS because the content on these Telework pages is out of date. The content provided here is from the NIST Special Publication 800-53 Revision 3 guideline, which has been superseded by Special Publication 800-53 Revision 4 (current supporting guideline). The NIST Computer Security Division is working to provide updates to this project. There is no target date for when this project page will be completed with updates.


 

Supporting NIST 800-53 Revision 3 Security Controls and Publications

The major controls in the NIST Special Publication 800-53 Revision 3, Recommended Security Controls for Federal Information Systems control catalog that impact telework are:


AC


AC-4, Information Flow Enforcement; 
Related controls: AC-17, AC-19, AC-21, CM-7, SA-8, SC-2, SC-5, SC-7, SC-18

AC-17, Remote Access
Related controls: AC-3, AC-18, AC-20, IA-2, IA-3, IA-8, MA-4; 
References: NIST Special Publications 800-46, 800-77, 800-113, 800-114, 800-121

AC-18, Wireless Access; 
Related controls: AC-3, IA-2, IA-3, IA-8;
References: NIST Special Publications 800-48, 800-94, 800-97

AC-19, Access Control for Mobile Devices; 
Related controls: MP-4, MP-5; 
References: NIST Special Publications 800-114, 800-124

AC-21, User-Based Collaboration and Information Sharing; 
Related control: AC-3 


AU


AU-2, Auditable Events;
Related control: AU-3; 
References: NIST Special Publications 800-92; Web: csrc.nist.rip


CA


CA-2, Security Assessments; 
Related controls: CA-6, CA-7, PM-9, SA-11; 
References: FIPS Publication 199; NIST Special Publications 800-37, 800-53A, 800-115

CA-5, Plan of Action and Milestones; 
Related control: PM-4; 
References: OMB Memorandum 02-01; NIST Special Publication 800-37

CA-6, Security Authorization; 
Related controls: CA-2, CA-7, PM-9, PM-10; 
References: OMB Circular A-130; NIST Special Publication 800-37

CA-7, Continuous Monitoring; 
Related controls: CA-2, CA-5, CA-6, CM-3, CM-4; 
References: NIST Special Publications 800-37, 800-53A; US-CERT Technical Cyber Security Alerts; DOD Information Assurance Vulnerability Alerts


CM


CM-6, Configuration Settings
Related controls: CM-2, CM-3, SI-4; 
References: OMB Memorandum 07-11, 07-18, 08-22; NIST Special Publications 800-70, 800-128; Web: nvd.nist.gov; www.nsa.gov

CM-7, Least Functionality; 
Related controls: RA-5; 


IA


IA-1, Identification and Authentication Policy and Procedures
Related control: PM-9;  
References: FIPS Publication 201; NIST Special Publications 800-12, 800-63, 800-73, 800-76, 800-78, 800-100

IA-2, Identification and Authentication (Organizational Users)
Related controls: AC-14, AC-17, AC-18, IA-4, IA-5; 
References: HSPD 12; OMB Memorandum 04-04; FIPS Publication 201; NIST Special Publications 800-63, 800-73, 800-76, 800-78

IA-3, Device Identification and Authentication; 
Related controls: AC-17, AC-18

IA-5, Authenticator Management
Related controls: AC-2, IA-2, PL-4, PS-6; 
References: OMB Memorandum 04-04; FIPS Publication 201; NIST Special Publications 800-73, 800-63, 800-76, 800-78

IA-8, Identification and Authentication (Non-Organizational Users)
Related controls: AC-14, AC-17, AC-18, MA-4;
References: OMB Memorandum 04-04; Web: www.cio.gov/eauthentication; NIST Special Publication 800-63


IR


IR-3, Incident Response Testing and Exercises; 
Related control: AT-2; 
References: NIST Special Publications 800-84, 800-115

IR-4, Incident Handling; 
Related controls: AU-6, CP-2, IR-2, IR-3, PE-6, SC-5, SC-7, SI-3, SI-4, SI-7; 
References: NIST Special Publication 800-61


MA


MA-3, Maintenance Tools;
Related control: MP-6; 
References: NIST Special Publication 800-88

MA-4, Non-Local Maintenance;
Related controls: AC-2, AC-3, AC-6, AC-17, AU-2, AU-3, IA-2, IA-8, MA-5, MP-6, SC-7;
References: FIPS Publications 140-2, 197, 201; NIST Special Publications 800-63, 800-88; CNSS Policy 15

MA-6, Timely Maintenance; 
Related control: CP-2


MP


MP-2, Media Access;  
Related controls: MP-4, PE-3; 
References: FIPS Publication 199; NIST Special Publication 800-111

MP-4, Media Storage; 
Related controls: AC-3, AC-19, CP-6, CP-9, MP-2, PE-3; 
References: FIPS Publication 199; NIST Special Publications 800-56, 800-57, 800-111

MP-6, Media Sanitization;
References: FIPS Publication 199; NIST Special Publications 800-60, 800-88; Web: https://www.nsa.gov/ia/mitigation_guidance/media_destruction_guidance/index.shtml


PE


PE-17, Alternate Work Site;  
References: NIST Special Publication 800-46


PM


PM-1, Information Security Program Plan;
Related control: PM-8

PM-4, Plan of Action and Milestones Process; 
Related control: CA-5; 
References: OMB Memorandum 02-01; NIST Special Publication 800-37


RA


RA-5, Vulnerability Scanning
Related controls: CA-2, CM-6, RA-3, SI-2; 
References: NIST Special Publications 800-40, 800-70, 800-115; Web: cwe.mitre.org; nvd.nist.gov


SA


SA-4, Acquisitions; 
References: ISO/IEC 15408; FIPS 140-2; NIST Special Publications 800-23, 800-35, 800-36, 800-64, 800-70; Web: www.niap-ccevs.org

SA-13, Trustworthiness; 
Related controls: RA-2, SA-4, SA-8, SC-3; 
References: FIPS Publications 199, 200; NIST Special Publications 800-53, 800-53A, 800-60, 800-64


SC


SC-2, Application Partitioning

SC-7, Boundary Protection; 
Related controls: AC-4, IR-4, SC-5; 
References: FIPS Publication 199; NIST Special Publications 800-41, 800-77

SC-8, Transmission Integrity; 
Related controls: AC-17, PE-4;
References: FIPS Publications 140-2, 197; NIST Special Publications 800-52, 800-77, 800-81, 800-113; NSTISSI No. 7003

SC-9, Transmission Confidentiality; 
Related controls: AC-17, PE-4; 
References: FIPS Publications 140-2, 197; NIST Special Publications 800-52, 800-77, 800-113; CNSS Policy 15; NSTISSI No. 7003

SC-17, Public Key Infrastructure Certificates
References: OMB Memorandum 05-24; NIST Special Publications 800-32, 800-63

SC-18, Mobile Code
References: NIST Special Publication 800-28; DOD Instruction 8552.01

SC-20, Secure Name / Address Resolution Service (Authoritative Source); 
References: OMB Memorandum 08-23; NIST Special Publication 800-81

SC-21, Secure Name / Address Resolution Service (Recursive or Caching Resolver); 
Reference: NIST Special Publication 800-81

SC-22, Architecture and Provisioning for Name / Address Resolution Service; 
Reference: NIST Special Publication 800-81

SC-23, Session Authenticity; 
References: NIST Special Publications 800-52, 800-77, 800-95

SC-28, Protection of Information at Rest; 
References: NIST Special Publications 800-56, 800-57, 800-111


SI


SI-2, Flaw Remediation; 
Related controls: CA-2, CA-7, CM-3, MA-2, IR-4, RA-5, SA-11, SI-11; 
Reference: NIST Special Publication 800-40

SI-3, Malicious Code Protection; 
Related controls: SA-4, SA-8, SA-12, SA-13, SI-4, SI-7; 
Reference: NIST Special Publication 800-83

SI-4, Information System Monitoring; 
Related controls: AC-4, AC-8, AC-17, AU-2, AU-6, SI-3, SI-7;
References: NIST Special Publications 800-61, 800-83, 800-92, 800-94

SI-5, Security Alerts, Advisories, and Directives; 
Reference: NIST Special Publication 800-40

SI-8, Spam Protection; 
Related controls: SC-5, SI-3; 
Reference: NIST Special Publication 800-45

 


Information on these controls and guidance on possible implementations can be found in the following publications:

Special Publication (SP) 800-137, Information Security Continuous Monitoring for Federal Information Systems and Organizations
 

Special Publication (SP) 800-124 Revision 1, Guidelines on Cell Phone and PDA Security
 

Special Publication (SP) 800-127, Guide to Securing WiMAX Wireless Communications
 

Special Publication (SP) 800-123, Guide to General Server Security
 

Special Publication (SP) 800-122, Guide to Protecting the Confidentiality of Personally Identifiable Information (PII)
 

Special Publication (SP) 800-121 Revision 1, Guide to Bluetooth Security
 

Special Publication (SP) 800-120, Recommendation for EAP Methods Used in Wireless Network Access Authentication
 

Draft Special Publication (SP) 800-118, Guide to Enterprise Password Management
 

Special Publication (SP) 800-117, Guide to Adopting and Using the Security Content Automation Protocol (SCAP) Version 1.0
 

Special Publication (SP) 800-115, Technical Guide to Information Security Testing and Assessment
 

Special Publication (SP) 800-114, User's Guide to Securing External Devices for Telework and Remote Access
 

Special Publication (SP) 800-113, Guide to SSL VPNs
 

Special Publication (SP) 800-111, Guide to Storage Encryption Technologies for End User Devices
 

Special Publication (SP) 800-97, Establishing Wireless Robust Security Networks: A Guide to IEEE 802.11i
 

Special Publication (SP) 800-94, Guide to Intrusion Detection and Prevention Systems (IDPS)
 

Special Publication (SP) 800-92, Guide to Computer Security Log Management
 

Special Publication (SP) 800-88 Revision 1, Guidelines for Media Sanitization
 

Special Publication (SP) 800-81-2, Secure Domain Name System (DNS) Deployment Guide
 

Special Publication (SP) 800-77, Guide to IPsec VPNs
 

Special Publication (SP) 800-70 Revision 2, National Checklist Program for IT Products--Guidelines for Checklist Users and Developers
 

Special Publication (SP) 800-69, Guidance for Securing Microsoft Windows XP Home Edition: A NIST Security Configuration Checklist
 

Special Publication (SP) 800-68 Revision 1, Guide to Securing Microsoft Windows XP Systems for IT Professionals
 

Special Publication (SP) 800-63-2, E-Authentication Guideline
 

Special Publication (SP) 800-54, Border Gateway Protocol Security
 

Special Publication (SP) 800-53 Revision 4 (NOTE: SP 800-53 Revision 3 has been superseded by Revision 4), Recommended Security Controls for Federal Information Systems and Organizations
 

Special Publication (SP) 800-48 Revision 1, Guide to Securing Legacy IEEE 802.11 Wireless Networks
 

Special Publication (SP) 800-46 Revision 1, Guide to Enterprise Telework and Remote Access Security
 

Special Publication (SP) 800-41 Revision 1, Guidelines on Firewalls and Firewall Policy
 

Special Publication (SP) 800-40 Revision 3, Creating a Patch and Vulnerability Management Program
 

Special Publication (SP) 800-28 Version 2, Guidelines on Active Content and Mobile Code