Guide for Assessing the Security Controls in Federal Information Systems and Organizations: Building Effective Security Assessment Plans (NIST SP 800-53A, Revision 1)
| Author | : nist |
| Publisher | : |
| Total Pages | : 408 |
| Release | : 2013-12-19 |
| ISBN-10 | : 1494750694 |
| ISBN-13 | : 9781494750695 |
| Rating | : 4/5 (695 Downloads) |
Download or read book Guide for Assessing the Security Controls in Federal Information Systems and Organizations: Building Effective Security Assessment Plans (NIST SP 800-53A, Revision 1) written by nist and published by . This book was released on 2013-12-19 with total page 408 pages. Available in PDF, EPUB and Kindle. Book excerpt: Special Publication 800-53A, Revision 1 provides guidelines for developing security assessment plans and associated security control assessment procedures that are consistent with Special Publication 800-53, Revision 3, Recommended Security Controls for Federal Information Systemsand Organizations, August 2009 (including updates as of 05-01-2010). NIST has been working in partnership with the Office of the Director of National Intelligence (ODNI), the Department of Defense (DOD), and the Committee onNational Security Systems (CNSS) to develop a common information security framework for the federal government and its contractors. The updated security assessment guideline incorporates best practices in informationsecurity from the United States Department of Defense, Intelligence Community, and Civil agencies and includes security control assessment procedures for both national security and non national security systems. Theguideline for developing security assessment plans is intended to support a wide variety of assessment activities in all phases of the system development life cycle including development, implementation, and operation. Theimportant changes described in Special Publication 800-53A, Revision 1, are part of a larger strategic initiative to focus on enterprise-wide, near real-time risk management; that is, managing risks from information systems in dynamicenvironments of operation that can adversely affect organizational operations and assets, individuals, other organizations, and the Nation. The increasedflexibility in the selection of assessment methods, assessment objects, and depth and coverage attribute values empowers organizations to place the appropriate emphasis on the assessment process at every stage in the system development life cycle. [Supersedes NIST SP 800-53A (July 2008): http://www.nist.gov/manuscript-publication-search.cfm?pub_id=51209]
Top