Tuesday, September 22, 2009

Recommended Security Controls for Federal Information Systems and Organizations
This chapter of NIST SP 800-53 discusses the fundamental concepts of security control selection and specification. These concepts include Security Control Organization and Structure, Security Control Baselines, Common Controls, Security Controls in External Environments, Security Control Assurance, and Revisions and Extensions of Controls. Below is a table outlining the Security Control Organization and Structure.
Table 1.1: Security Control Organization and Structure (the table itself was not captured in this page)
The table below describes the process of selecting and specifying security controls for an information system. This process includes Risk Management, Information System Categorization, Security Control Selection, and Security Control Monitoring. The figure below shows the specific steps in the Risk Management Framework.
Table 2.1: Security Control Selection Process and the Risk Management Framework (the table and figure themselves were not captured in this page)
References:

http://csrc.nist.gov/publications/nistpubs/800-53-Rev3/sp800-53-rev3-final-errata.pdf

