Doc:NIST SP 800-53Ar1 FPD Appendix A
APPENDIX A
REFERENCES
LAWS, POLICIES, DIRECTIVES, INSTRUCTIONS, STANDARDS, AND GUIDELINES
LEGISLATION
- 1. E-Government Act [includes FISMA] (P.L. 107-347), December 2002.
- 2. Federal Information Security Management Act (P.L. 107-347, Title III), December 2002.
POLICIES, DIRECTIVES, INSTRUCTIONS
- 1. Committee on National Security Systems (CNSS) Instruction 4009, National Information Assurance Glossary, June 2006.
- 2. Committee on National Security Systems (CNSS) Instruction 1253, Security Categorization and Control Selection for National Security Systems, October 2009.
- 3. Office of Management and Budget, Circular A-130, Appendix III, Transmittal Memorandum #4, Management of Federal Information Resources, November 2000.
- 4. Office of Management and Budget Memorandum M-02-01, Guidance for Preparing and Submitting Security Plans of Action and Milestones, October 2001.
STANDARDS
- 1. National Institute of Standards and Technology Federal Information Processing Standards Publication 199, Standards for Security Categorization of Federal Information and Information Systems, February 2004.
- 2. National Institute of Standards and Technology Federal Information Processing Standards Publication 200, Minimum Security Requirements for Federal Information and Information Systems, March 2006.
- 3. ISO/IEC 15408:2005, Common Criteria for Information Technology Security Evaluation, 2005.
GUIDELINES
- 1. National Institute of Standards and Technology Special Publication 800-18, Revision 1, Guide for Developing Security Plans for Federal Information Systems, February 2006.
- 2. National Institute of Standards and Technology Special Publication 800-30, Risk Management Guide for Information Technology Systems, July 2002.
- 3. National Institute of Standards and Technology Special Publication 800-37, Revision 1, Guide for Applying the Risk Management Framework to Federal Information Systems: A Security Life Cycle Approach, February 2010.
- 4. National Institute of Standards and Technology Special Publication 800-39 (Second Public Draft), Managing Risk from Information Systems: An Organizational Perspective, April 2008.
- 5. National Institute of Standards and Technology Special Publication 800-53, Revision 3, Recommended Security Controls for Federal Information Systems and Organizations, August 2009.
- 6. National Institute of Standards and Technology Special Publication 800-59, Guideline for Identifying an Information System as a National Security System, August 2003.
- 7. National Institute of Standards and Technology Special Publication 800-60, Revision 1, Guide for Mapping Types of Information and Information Systems to Security Categories, August 2008.
- 8. National Institute of Standards and Technology Special Publication 800-126, Revision 1 (Draft), The Technical Specification for the Security Content Automation Protocol (SCAP): SCAP Version 1.0, December 2009.