Citation[]
NIST, Guide for Assessing the Security Controls in Federal Information Systems (NIST Special Publication 800-53A) (June 2010).(full-text)
Overview[]
This publication was written to facilitate security control assessments conducted within an effective risk management framework. The assessment results provide organizational officials with:
- Evidence about the effectiveness of security controls in organizational information systems;
- An indication of the quality of the risk management processes employed within the organization; and
- Information about the strengths and weaknesses of information systems which are supporting organizational missions and business functions in a global environment of sophisticated and changing threats.