
The document, “Special Publication 800-53A, Guide for Assessing the Security Controls in Federal Information Systems”, defines a process for determining whether security controls are implemented correctly, operating as intended, and producing the desired outcome with respect to meeting organisational security policies.
The publication is expected to be useful to IT managers who must satisfy requirements of the 2002 U.S. Federal Information Security Management Act (FISMA), as well as to IT professionals across the industry.
“When security controls are less than fully effective, information system vulnerabilities can be exploited by adversaries to compromise the confidentiality, integrity and availability of information processed, stored and transmitted by the system,” said Ron Ross, project leader, FISMA Implementation Project.
Additional tools and techniques for implementing the assessment procedures in Special Publication 800-53A are expected to be made available on the NIST Web site after July 25.