Draft NIST Special Publication 800-53
Revision 5
Security and Privacy Controls for
Information Systems and
Organizations
JOINT TASK FORCE
INITIAL PUBLIC DRAFT
This publication contains a comprehensive catalog of
technical and nontechnical security and privacy controls.
The controls can support a variety of specialty applications
including the Risk Management Framework, Cybersecurity
Framework, and Systems Engineering Processes used for
developing systems, products, components, and services
and for protecting organizations, systems, and individuals.

Draft NIST Special Publication 800-53
Revision 5
Security and Privacy Controls for
Information Systems and
Organizations
August 2017
U.S. Department of Commerce
Wilbur L. Ross, Jr., Secretary
National Institute of Standards and Technology
Kent Rochford, Acting NIST Director and Under Secretary of Commerce for Standards and Technology

DRAFT NIST SP 800-53, REVISION 5 SECURITY AND PRIVACY CONTROLS FOR
INFORMATION SYSTEMS AND ORGANIZATIONS
________________________________________________________________________________________________
PAGE i
Authority
This publication has been developed by NIST to further its statutory responsibilities under the
Federal Information Security Modernization Act (FISMA) of 2014, 44 U.S.C. § 3551 et seq.,
Public Law (P.L.) 113-283. NIST is responsible for developing information security standards
and guidelines, including minimum requirements for federal information systems, but such
standards and guidelines shall not apply to national security systems without the express approval
of appropriate federal officials exercising policy authority over such systems. This guideline is
consistent with the requirements of the Office of Management and Budget (OMB) Circular A-130.
Nothing in this publication should be taken to contradict the standards and guidelines made
mandatory and binding on federal agencies by the Secretary of Commerce under statutory
authority. Nor should these guidelines be interpreted as altering or superseding the existing
authorities of the Secretary of Commerce, Director of OMB, or any other federal official. This
publication may be used by nongovernmental organizations on a voluntary basis and is not
subject to copyright in the United States. Attribution would, however, be appreciated by NIST.
National Institute of Standards and Technology Special Publication 800-53, Revision 5
Natl. Inst. Stand. Technol. Spec. Publ. 800-53, Rev. 5, 494 pages (August 2017)
CODEN: NSPUE2
Public comment period: August 15 through September 12, 2017
National Institute of Standards and Technology
Attn: Computer Security Division, Information Technology Laboratory
100 Bureau Drive (Mail Stop 8930) Gaithersburg, MD 20899-8930
Email: sec-cert@nist.gov
All comments are subject to release under the Freedom of Information Act (FOIA).
Certain commercial entities, equipment, or materials may be identified in this document to
describe an experimental procedure or concept adequately. Such identification is not intended to
imply recommendation or endorsement by NIST, nor is it intended to imply that the entities,
materials, or equipment are necessarily the best available for the purpose.
There may be references in this publication to other publications currently under development by
NIST in accordance with its assigned statutory responsibilities. The information in this publication,
including concepts, practices, and methodologies, may be used by federal agencies even before
the completion of such companion publications. Thus, until each publication is completed, current
requirements, guidelines, and procedures, where they exist, remain operative. For planning and
transition purposes, federal agencies may wish to closely follow the development of these new
publications by NIST.
Organizations are encouraged to review draft publications during the designated public comment
periods and provide feedback to NIST. Many NIST cybersecurity publications, other than the ones
noted above, are available at http://csrc.nist.gov/publications.

Reports on Computer Systems Technology
The Information Technology Laboratory (ITL) at the National Institute of Standards and
Technology (NIST) promotes the U.S. economy and public welfare by providing technical
leadership for the Nation’s measurement and standards infrastructure. ITL develops tests, test
methods, reference data, proof of concept implementations, and technical analyses to advance the
development and productive use of information technology (IT). ITL’s responsibilities include
the development of management, administrative, technical, and physical standards and guidelines
for the cost-effective security of other than national security-related information and protection of
individuals’ privacy in federal information systems. The Special Publication 800-series reports on
ITL’s research, guidelines, and outreach efforts in information systems security and its
collaborative activities with industry, government, and academic organizations.
Abstract
This publication provides a catalog of security and privacy controls for federal information
systems and organizations to protect organizational operations and assets, individuals, other
organizations, and the Nation from a diverse set of threats including hostile attacks, natural
disasters, structural failures, human errors, and privacy risks. The controls are flexible and
customizable and implemented as part of an organization-wide process to manage risk. The
controls address diverse requirements derived from mission and business needs, laws, Executive
Orders, directives, regulations, policies, standards, and guidelines. The publication describes how
to develop specialized sets of controls, or overlays, tailored for specific types of missions and
business functions, technologies, environments of operation, and sector-specific applications.
Finally, the consolidated catalog of controls addresses security and privacy from a functionality
perspective (i.e., the strength of functions and mechanisms) and an assurance perspective (i.e., the
measure of confidence in the security or privacy capability). Addressing both functionality and
assurance ensures that information technology products and the information systems that rely on
those products are sufficiently trustworthy.
Keywords
Assurance; availability; computer security; confidentiality; FISMA; information security;
integrity; personally identifiable information; Privacy Act; privacy controls; privacy functions;
privacy requirements; Risk Management Framework; security controls; security functions;
security requirements; system; system security.

Acknowledgements
This publication was developed by the Joint Task Force Transformation Initiative Interagency
Working Group with representatives from the Civil, Defense, and Intelligence Communities in an
ongoing effort to produce a unified information security framework for the federal government.
The National Institute of Standards and Technology wishes to acknowledge and thank the senior
leaders from the Departments of Commerce and Defense, the Office of the Director of National
Intelligence, the Committee on National Security Systems, and the members of the interagency
technical working group whose dedicated efforts contributed significantly to the publication. The
senior leaders, interagency working group members, and their organizational affiliations include:
Department of Defense
    John A. Zangardi, Acting DoD Chief Information Officer
    Thomas P. Michelli, Acting Principal Deputy and DoD Chief Information Officer
    Essye B. Miller, Deputy Chief Information Officer for Cybersecurity and DoD Senior Information Security Officer
    John R. Mills, Director, Cybersecurity Policy, Strategy, and International

Office of the Director of National Intelligence
    Raymond Cook, Assistant DNI and Chief Information Officer
    Jennifer Kron, Deputy Chief Information Officer
    Sue Dorr, Director, Information Assurance Division and Chief Information Security Officer
    Wallace Coggins, Director, Security Coordination Center

National Institute of Standards and Technology
    Charles H. Romine, Director, Information Technology Laboratory
    Donna Dodson, Cybersecurity Advisor, Information Technology Laboratory
    Matt Scholl, Chief, Computer Security Division
    Kevin Stine, Chief, Applied Cybersecurity Division
    Ron Ross, FISMA Implementation Project Leader

Committee on National Security Systems
    Essye B. Miller, Chair
    Cheryl Peace, Co-Chair
    Kevin Dulany, Tri-Chair—Defense Community
    Peter H. Duspiva, Tri-Chair—Intelligence Community
    Daniel Dister, Tri-Chair—Civil Agencies

Joint Task Force Transformation Initiative Interagency Working Group
    Ron Ross, NIST, JTF Leader
    Kevin Dulany, Department of Defense
    Dorian Pappas, Intelligence Community
    Kelley Dempsey, NIST
    Jody Jacobs, NIST
    Victoria Pillitteri, NIST
    Taylor Roberts, OMB
    Naomi Lefkovitz, NIST
    Ellen Nadeau, NIST
    Charles Cutshall, OMB
    Esten Porter, The MITRE Corporation
    Ned Goren, NIST
    David Black, The MITRE Corporation
    Rich Graubart, The MITRE Corporation
    Daniel Faigin, Aerospace Corporation
    Christian Enloe, NIST
In addition to the above acknowledgments, a special note of thanks goes to Peggy Himes, Jim
Foti, and Elizabeth Lennon of NIST for their superb technical editing and administrative support.
The authors also wish to recognize Kristen Baldwin, Carol Bales, John Bazile, Jon Boyens, Sean
Brooks, Ruth Cannatti, Kathleen Coupe, Keesha Crosby, Dominic Cussatt, Ja’Nelle DeVore,
Jennifer Fabius, Jim Fenton, Matthew Halstead, Hildy Ferraiolo, Ryan Galluzzo, Robin Gandhi,
Mike Garcia, Paul Grassi, Marc Groman, Matthew Halstead, Kevin Herms, Scott Hill, Ralph