Date Published: July 2008
Supersedes:
IR 6885 E2003 (02/01/2003); IR 6951 (01/31/2003); SP 800-26 (11/01/2001)
Author(s)
Ron Ross (NIST), L. Johnson (NIST), Stuart Katzke (NIST), Patricia Toth (NIST), Gary Stoneburner (APL), George Rogers
The purpose of NIST Special Publication 800-53A is to provide guidelines for building effective security assessment plans and procedures to enable the assessment of security controls employed in information systems supporting the executive agencies of the federal government. Organizations should use this publication in conjunction with an approved system security plan to create a viable security assessment plan for producing and compiling the information necessary to determine the effectiveness of the security controls employed within the information system. The assessment procedures should be used as a starting point for and as input to the security assessment. SP800-53A guidelines are applicable to all federal information systems other than those systems designated as national security systems as defined in 44 U.S.C., Section 3542. The guidelines have been broadly developed from a technical perspective to complement similar guidelines for national security systems. This publication is intended to serve a diverse group of information system and information security professionals, including individuals with information system and security management and oversight responsibilities, integration responsibilities, operational responsibilities, and security assessment and monitoring responsibilities.
The purpose of NIST Special Publication 800-53A is to provide guidelines for building effective security assessment plans and procedures to enable the assessment of security controls employed in information systems supporting the executive agencies of the federal government. Organizations should use...
See full abstract
The purpose of NIST Special Publication 800-53A is to provide guidelines for building effective security assessment plans and procedures to enable the assessment of security controls employed in information systems supporting the executive agencies of the federal government. Organizations should use this publication in conjunction with an approved system security plan to create a viable security assessment plan for producing and compiling the information necessary to determine the effectiveness of the security controls employed within the information system. The assessment procedures should be used as a starting point for and as input to the security assessment. SP800-53A guidelines are applicable to all federal information systems other than those systems designated as national security systems as defined in 44 U.S.C., Section 3542. The guidelines have been broadly developed from a technical perspective to complement similar guidelines for national security systems. This publication is intended to serve a diverse group of information system and information security professionals, including individuals with information system and security management and oversight responsibilities, integration responsibilities, operational responsibilities, and security assessment and monitoring responsibilities.
Hide full abstract
Keywords
categorization; FISMA; penetration testing; risk management; security assessment plans; security controls
Control Families
None selected