User:Buddy4919/Sandbox

NIST Special Publication 800-53, "Recommended Security Controls for Federal Information Systems and Organizations," catalogs security controls for U.S. federal information systems. It is published by the National Institute of Standards and Technology (NIST), which is a non-regulatory agency of the United States Department of Commerce.

A key part of the Ce0rtification and Accreditation process for federal information systems is selecting and implementing a subset of the controls (safeguards) from the Security Control Catalog (NIST 800-53, Appendix F). The security categorization of the information system (low, moderate or high) determines the baseline collection of controls that must be implemented and monitored. The first and second steps in the Risk management framework, defined in NIST Special Publication 800-37, are to categorize the information system and then select the controls from the control catalog.

Security controls are the management, operational, and technical safeguards or countermeasures prescribed for an information system to protect the confidentiality, integrity, and availability of the system and its information.