1.5 Organization of this Special Publication
The remainder of this special publication is organized as follows:
- Chapter Two describes the fundamental concepts associated with security control selection and specification including: (i) multitiered risk management; (ii) the structure of security controls and how the controls are organized into families; (iii) security control baselines as starting points for the tailoring process; (iv) the use of common controls and inheritance of security capabilities; (v) external environments and service providers; (vi) assurance and trustworthiness; and (vii) revisions and extensions to security controls and control baselines.
- Chapter Three describes the process of selecting and specifying security controls for organizational information systems including: (i) selecting appropriate security control baselines; (ii) tailoring the baseline controls including developing specialized overlays; (iii) documenting the security control selection process; and (iv) applying the selection process to new and legacy systems.
- Supporting appendices provide essential security control selection and specification-related information including: (i) general references;[25] (ii) definitions and terms; (iii) acronyms; (iv) baseline security controls for low-impact, moderate-impact, and high-impact information systems; (v) guidance on assurance and trustworthiness in information systems; (vi) a catalog of security controls;[26] (vii) a catalog of information security program management controls; (viii) mappings to international information security standards; (ix) guidance for developing overlays by organizations or communities of interest; and (x) a catalog of privacy controls.
25. Unless otherwise stated, all references to NIST publications in this document (i.e., Federal Information Processing Standards and Special Publications) are to the most recent version of the publication.
26. The security controls in Special Publication 800-53 are available online and can be downloaded in various formats from the NIST web site at: