Computer Security Resource Center

Computer Security Resource Center

Computer Security
Resource Center

This is an archive
(replace .gov by .rip)

Risk Management

Security Assessment

NIST Special Publication 800-53A Revision 4

(Consistent with SP 800-53 Rev. 4)

Guide for Assessing the Security Controls in Federal Information Systems and Organizations

*Note: Reference to SP 800-53A is to current standard SP 800-53A Revision 4 & also to SP 800-53 to current standard SP 800-53 Revision 4.*

The purpose of NIST Special Publication 800-53A (as amended) is to establish common assessment procedures to assess the effectiveness of security controls in federal systems, specifically those controls listed in NIST Special Publication 800-53 (as amended), Security and Privacy Controls for Federal Information Systems and Organizations. The assessment methods and procedures are used to determine if the security controls are implemented correctly, operating as intended, and producing the desired outcome with respect to meeting the security requirements of the organization. Organizations use the recommended assessment procedures from NIST Special Publication 800-53A as the starting point for developing more specific assessment procedures, which may, in certain cases, be needed because of platform dependencies or other implementation-related considerations. The assessment procedures in Special Publication 800-53A can be supplemented by the organization, if needed, based on an organizational assessment of risk. Organizations must create additional assessment procedures for those security controls that are not contained in NIST Special Publication 800-53. The employment of standardized assessment procedures promotes more consistent, comparable, and repeatable security assessments of federal systems.

- Assessment Cases Overview for Special Publication 800-53A Revision 1

- Download Page for Assessment Cases

NIST initiated the Assessment Case Development Project in October 2007 in a joint partnership with the Departments of Justice, Energy, Transportation, and the Intelligence Community. The interagency task force developed a full suite of assessment cases based on the assessment procedures in Special Publication 800-53A, Revision 1. There will be no further development of assessment cases effective with the publication of Special Publication 800-53A, Revision 4. The material contained will also continue to be available in the archived versions of Special Publication 800-53A, Revision 1.

Created November 30, 2016, Updated November 16, 2017