Control Baselines for Information Systems and Organizations

This publication provides security and privacy control baselines for the Federal Government. There are three security control baselines (one for each system impact level—low-impact, moderate-impact, and high-impact), as well as a privacy baseline that is applied to systems irrespective of impact level. In addition to the control baselines, this publication provides tailoring guidance and a set of working assumptions that help guide and inform the control selection process. Finally, this publication provides guidance on the development of overlays to facilitate control baseline customization for specific communities of interest, technologies, and environments of operation.

• Publication year

  2020

• Venue

  Unknown venue

• Publication date

  2020-07-31

• Fields of study

  Computer Science

• Identifiers
  DOI 10.6028/nist.sp.800-53b-draft
• External record

  Open on Semantic Scholar

• Source metadata

  Semantic Scholar

• No claims are published for this paper.

• No concepts are published for this paper.

• Security and Privacy Controls for Information Systems and Organizations

  2020cited by this paper
• Risk management framework for information systems and organizations:: a system life cycle approach for security and privacy

  2018cited by this paper
• An Introduction to Privacy Engineering and Risk Management in Federal Systems

  2017cited by this paper
• Automation Support for Security Control Assessments: Volume 1: Overview

  2016cited by this paper
• Guide for Conducting Risk Assessments

  2012cited by this paper
• Managing Information Security Risk: Organization, Mission, and Information System View | NIST

  2011cited by this paper
• Minimum Security Requirements for Federal Information and Information Systems

  2006cited by this paper
• Guide for Developing Security Plans for Federal Information Systems

  2006cited by this paper
• Guide for Mapping Types of Information and Information Systems to Security Categories (2 vols.) | NIST

  2004cited by this paper
• Standards for Security Categorization of Federal Information and Information Systems

  2004cited by this paper
• Guideline for Identifying an Information System as a National Security System

  2003cited by this paper

• Experimental Evaluation of AI-Augmented Cybersecurity Requirements Generation Leveraging LLMs’ Capabilities

  2026cites this paper
• A Scalable Game-Theoretic Approach for Selecting Security Controls from Standardized Catalogues

  2025cites this paper
• A Survey of Digital Twin Healthcare Cybersecurity Implementation Methods

  2025influential citation
• The Notional Risk Scores Approach to Space Cyber Risk Management

  2025cites this paper
• Space Cyber Risk Management: Desired Properties

  2025cites this paper
• Revisiting Past Cyber Security Recommendations: Lessons we Have Failed to Learn

  2024cites this paper
• Adoption of Best Practices in Running and Maintaining IT-Based Information Systems in Higher Learning Institutions

  2024cites this paper
• Jaminan Informasi dan Keamanan yang Lebih Baik: Studi Kasus BPJS Kesehatan

  2024cites this paper
• A Game-Theoretic Approach for Security Control Selection

  2024cites this paper
• Cyber Security Controls in Nuclear Power Plant by Technical Assessment Methodology

  2023cites this paper
• CYBERSECURITY ASSURANCE IN SMART CITIES: A RISK MANAGEMENT PERSPECTIVE

  2023cites this paper
• IMPROVEMENT OF THE CYBER PROTECTION OFTHE ARMED FORCES TAKING INTO ACCOUNT THE EXPERIENCE OF COUNTERING MILITARY CYBER ATTACKS OF THERUSSIAN FEDERATION IN 2022

  2022cites this paper
• Cybersecurity Controls for Connected Aircraft Systems that Support Safety Services

  2022influential citation
• Board Gender Diversity and Corporate Response to Cyber Risk: Evidence from Cybersecurity Related Disclosure

  2021cites this paper
• Balisage: The Markup Conference Balisage Paper: The Model Made Me Do It! A Cautionary Tale from a Security Control Baseline Tool Developer

  2021cites this paper
• Managing Cyber Security Risks of the Cyber-Enabled Ship

  2020cites this paper