NIST SP 800-53: Difference between revisions
Jump to navigation
Jump to search
Line 7: | Line 7: | ||
==Contents== | ==Contents== | ||
After the Introduction and discussion of the fundamentals the following set of controls was delineated in section 3. | After the Introduction and discussion of the fundamentals the following set of controls was delineated in section 3. The bolded items are analysed in the sections betow. | ||
# ACCESS CONTROL | # ACCESS CONTROL | ||
# AWARENESS AND TRAINING | # AWARENESS AND TRAINING | ||
Line 22: | Line 22: | ||
# PROGRAM MANAGEMENT | # PROGRAM MANAGEMENT | ||
# PERSONNEL SECURITY | # PERSONNEL SECURITY | ||
# PERSONALLY IDENTIFIABLE INFORMATION PROCESSING AND TRANSPARENCY | # '''PERSONALLY IDENTIFIABLE INFORMATION PROCESSING AND TRANSPARENCY''' | ||
# RISK ASSESSMENT | # RISK ASSESSMENT | ||
# SYSTEM AND SERVICES ACQUISITION | # SYSTEM AND SERVICES ACQUISITION | ||
Line 28: | Line 28: | ||
# SYSTEM AND INFORMATION INTEGRITY | # SYSTEM AND INFORMATION INTEGRITY | ||
# SUPPLY CHAIN RISK MANAGEMENT | # SUPPLY CHAIN RISK MANAGEMENT | ||
==IDENTIFICATION AND AUTHENTICATION'== | |||
==PERSONALLY IDENTIFIABLE INFORMATION PROCESSING AND TRANSPARENCY== | |||
==References== | ==References== |
Revision as of 20:17, 17 March 2020
Full Title
Security and Privacy Controls for Information Systems and Organizations
Context
- This page is addressed to the contexts of the evolving standard.
- NIST SP 800-53 Rev 4 was published on 2013-04
- The final public draft of Revision 4 was published on 2020-03 - the most notable change is to broaden the scope from federal systems to systems in general. Another change was to merge privacy and security so that each was addressed in each section.
Contents
After the Introduction and discussion of the fundamentals the following set of controls was delineated in section 3. The bolded items are analysed in the sections betow.
- ACCESS CONTROL
- AWARENESS AND TRAINING
- AUDIT AND ACCOUNTABILITY
- ASSESSMENT, AUTHORIZATION, AND MONITORING
- CONFIGURATION MANAGEMENT
- CONTINGENCY PLANNING
- IDENTIFICATION AND AUTHENTICATION
- INCIDENT RESPONSE
- MAINTENANCE
- MEDIA PROTECTION
- PHYSICAL AND ENVIRONMENTAL PROTECTION
- PLANNING
- PROGRAM MANAGEMENT
- PERSONNEL SECURITY
- PERSONALLY IDENTIFIABLE INFORMATION PROCESSING AND TRANSPARENCY
- RISK ASSESSMENT
- SYSTEM AND SERVICES ACQUISITION
- SYSTEM AND COMMUNICATIONS PROTECTION
- SYSTEM AND INFORMATION INTEGRITY
- SUPPLY CHAIN RISK MANAGEMENT