Successful Security Control Selection Using NIST SP 800-53, by Chad Andersen
Federal information systems are required to comply with Public Law 107-347, better known as the Federal Information Security Management Act (FISMA) of 2002. Under this law, information systems must provide adequate security to protect government assets and information. FISMA delegates the development of the security standards to the National Institute of Standards and Technology (NIST). NIST has in turn developed a number of security standards and guidance documents related to FISMA, including NIST Special Publication (SP) 800-53, Recommended Security Controls for Federal Information Systems.
While NIST SP 800-53 is required for federal (unclassified) information systems, NIST encourages its use outside the federal space as well. Non-federal government and commercial organizations can use the NIST framework to formalize their security program, analyze risk, and make informed decisions about securing their information, assets, and services.
Information system categorization
Determining how much security is enough is a daunting task that often involves guesswork. With the NIST framework, however, the decision to implement selected security controls is structured and based on the risk tolerance and mission objectives of the organization.