Search results
10 gru 2020 · This publication provides a catalog of security and privacy controls for information systems and organizations to protect organizational operations and assets, individuals, other organizations, and the Nation from a diverse set of threats and risks, including hostile attacks, human errors, natural... See full abstract.
- SP 800-53 Rev. 5, Security and Privacy Controls for Information Systems and Organizations
This publication provides a catalog of security and privacy...
- SP 800-53A Rev. 5
Date Published: January 2022 Supersedes: SP 800-53A Rev. 4...
- CSRC
This publication provides security and privacy control...
- Blog Post
Consolidating the control catalog: Information security and...
- Oscal
NIST, in collaboration with industry, is developing the Open...
- Homeland Security Presidential Directive 12
October 17, 2023 NIST is issuing one new proposed control...
- OMB Circular A-11
Use these CSRC Topics to identify and learn more about...
- E-Government Act
E-Government Act of 2002 (Public Law 107-347; December 17,...
- SP 800-53 Rev. 5, Security and Privacy Controls for Information Systems and Organizations
Definitions: Examination and analysis of the safeguards required to protect an information system, as they have been applied in an operational environment, to determine the security posture of that system. Sources: CNSSI 4009-2015.
Configuration change control includes changes to baseline configurations, configuration items of systems, operational procedures, configuration settings for system components, remediate vulnerabilities, and unscheduled or unauthorized changes.
Typical processes for managing configuration changes to information systems include, for example, Configuration Control Boards that approve proposed changes to systems.
This PDF is produced from OSCAL Source data and represents a derivative format of controls defined in NIST SP 800-53, Revision 5, Security and Privacy Controls for Information Systems and Organization .
This process includes the addition of new assets, changes to assets, and the elimination of assets. The purpose of configuration and change management is to “establish processes to ensure the integrity of assets, using change control and change control audits” (CRR).
25 sty 2022 · Updated to correspond with the security and privacy controls in SP 800-53 Revision 5, this publication provides a methodology and set of assessment procedures to verify that the controls are implemented, meet stated control objectives, and achieve the desired security and privacy outcomes.
