NIST SP 800-53 R5 Draft, 2017

Type

NIST Special Publication

Title

NIST SP 800-53 R5 Draft: Security and Privacy Controls for Information Systems and Organizations (Special Publication No. S

Authors

NIST

Year

2017

Harvard

NIST, 2017. NIST SP 800-53 R5 Draft: Security and Privacy Controls for Information Systems and Organizations (Special Publication No. SP 800-53 R5 Draft). NIST.

Abstract

This publication provides a catalog of security and privacy controls for federal information systems and organizations to protect organizational operations and assets, individuals, other organizations, and the Nation from a diverse set of threats including hostile attacks, natural disasters, structural failures, human errors, and privacy risks. The controls are flexible and customizable and implemented as part of an organization-wide process to manage risk. The controls address diverse requirements derived from mission and business needs, laws, Executive Orders, directives, regulations, policies, standards, and guidelines. The publication describes how to develop specialized sets of controls, or overlays, tailored for specific types of missions and business functions, technologies, environments of operation, and sector-specific applications. Finally, the consolidated catalog of controls addresses security and privacy from a functionality perspective (i.e., the strength of functions and mechanisms) and an assurance perspective (i.e., the measure of confidence in the security or privacy capability). Addressing both functionality and assurance ensures that information technology products and the information systems that rely on those products are sufficiently trustworthy.

(NIST SP 800-53 R5 Draft, 2017 , p. ii)


Follow us on LinkedIn | Discuss on Slack | Support us with Patreon | Sign-up for a free membership.


This wiki is owned by Open Measure, a non-profit association. The original content we publish is licensed under a Creative Commons Attribution 4.0 International License.