Term:Common Security Control
Contents
NIST IR 7298
Common Security Control - Security control that can be applied to one or more agency information systems and has the following properties:
- 1) the development, implementation, and assessment of the control can be assigned to a responsible official or organizational element (other than the information system owner); and
- 2) the results from the assessment of the control can be used to support the security certification and accreditation processes of an agency information system where that control has been applied. SOURCE: SP 800-53; FIPS 200
NIST IR 7328 Draft
Common Security Control - Security control that can be applied to one or more agency information systems and has the following properties: (i) the development, implementation, and assessment of the control can be assigned to a responsible official or organizational element (other than the information system owner); and (ii) the results from the assessment of the control can be used to support the security certification and accreditation processes of an agency information system where that control has been applied. [NIST SP 800-37]
NIST SP 800-18r1
Common Security Control - Security control that can be applied to one or more agency information systems and has the following properties: (i) the development, implementation, and assessment of the control can be assigned to a responsible official or organizational element (other than the information system owner); and (ii) the results from the assessment of the control can be used to support the security certification and accreditation processes of an agency information system where that control has been applied. [NIST SP 800-37]
NIST SP 800-37
Common Security Control - Security control that can be applied to one or more agency information systems and has the following properties: (i) the development, implementation, and assessment of the control can be assigned to a responsible official or organizational element (other than the information system owner); and (ii) the results from the assessment of the control can be used to support the security certification and accreditation processes of an agency information system where that control has been applied.
NIST SP 800-39 Draft 2
Common Security Control - Security control that can be applied to one or more agency information systems and has the following properties: (i) the development, implementation, and assessment of the control can be assigned to a responsible official or organizational element (other than the information system owner); and (ii) the results from the assessment of the control can be used to support the security certification and accreditation processes of an agency information system where that control has been applied. [NIST SP 800-37]
NIST SP 800-53A
Common Security Control - Security control that can be applied to one or more agency information systems and has the following properties: (i) the development, implementation, and assessment of the control can be assigned to a responsible official or organizational element (other than the information system owner); and (ii) the results from the assessment of the control can be used to support the security certification and accreditation processes of an agency information system where that control has been applied. [NIST SP 800-37]
NIST SP 800-53r1
Common Security Control - Security control that can be applied to one or more agency information systems and has the following properties: (i) the development, implementation, and assessment of the control can be assigned to a responsible official or organizational element (other than the information system owner); and (ii) the results from the assessment of the control can be used to support the security certification and accreditation processes of an agency information system where that control has been applied.
NIST SP 800-53r2
Common Security Control - Security control that can be applied to one or more agency information systems and has the following properties: (i) the development, implementation, and assessment of the control can be assigned to a responsible official or organizational element (other than the information system owner); and (ii) the results from the assessment of the control can be used to support the security certification and accreditation processes of an agency information system where that control has been applied. [NIST SP 800-53r237]
