NIST SP 800-53

From IDESG Wiki

Revision as of 20:19, 17 March 2020 by Tomjones (talk | contribs) (→‎References)

(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)

Jump to navigation Jump to search

Full Title

Security and Privacy Controls for Information Systems and Organizations

Context

This page is addressed to the contexts of the evolving standard.
- NIST SP 800-53 Rev 4 was published on 2013-04
The final public draft of Revision 4 was published on 2020-03 - the most notable change is to broaden the scope from federal systems to systems in general. Another change was to merge privacy and security so that each was addressed in each section.

Contents

After the Introduction and discussion of the fundamentals the following set of controls was delineated in section 3. The bolded items are analysed in the sections betow.

ACCESS CONTROL
AWARENESS AND TRAINING
AUDIT AND ACCOUNTABILITY
ASSESSMENT, AUTHORIZATION, AND MONITORING
CONFIGURATION MANAGEMENT
CONTINGENCY PLANNING
IDENTIFICATION AND AUTHENTICATION
INCIDENT RESPONSE
MAINTENANCE
MEDIA PROTECTION
PHYSICAL AND ENVIRONMENTAL PROTECTION
PLANNING
PROGRAM MANAGEMENT
PERSONNEL SECURITY
PERSONALLY IDENTIFIABLE INFORMATION PROCESSING AND TRANSPARENCY
RISK ASSESSMENT
SYSTEM AND SERVICES ACQUISITION
SYSTEM AND COMMUNICATIONS PROTECTION
SYSTEM AND INFORMATION INTEGRITY
SUPPLY CHAIN RISK MANAGEMENT

IDENTIFICATION AND AUTHENTICATION'

PERSONALLY IDENTIFIABLE INFORMATION PROCESSING AND TRANSPARENCY

References

Reference page for 800-53 with other NIST privacy documents

Retrieved from "https://wiki.idesg.org/index.php?title=NIST_SP_800-53&oldid=14196"