文件名称:NIST SP800-53 AppendicesDEF.pdf
文件大小:528KB
文件格式:PDF
更新时间:2023-03-10 06:14:44
NIST SP800
MINIMUM SECURITY CONTROLS – SUMMARY LOW-IMPACT, MODERATE-IMPACT, AND HIGH-IMPACT INFORMATION SYSTEMS he following table lists the minimum security controls, or security control baselines, for low-impact, moderate-impact, and high-impact information systems. The three security control baselines are hierarchical in nature with regard to the security controls employed in those baselines.1 If a security control is selected for one of the baselines, the family identifier and control number are listed in the appropriate column. If a control is not used in a particular baseline, the entry is marked “not selected.” Control enhancements, when used to supplement basic security controls, are indicated by the number of the control enhancement. For example, an “IR-2 (1)(2)” in the high baseline entry for the IR-2 security control indicates that the second control from the Incident Response family has been selected along with control enhancements (1) and (2). Some security controls and control enhancements in the security control catalog are not used in any of the baselines but are available for optional use by organizations if needed; for example, when indicated based on the results of a risk assessment indicate the need for additional controls or control enhancements in order to adequately mitigate risks to individuals, the organization, or its assets. A complete description of security controls, supplemental guidance for the controls, and control enhancements is provided in Appendix F. A detailed listing of security controls and control enhancements for each control baseline is available at: http://csrc.nist.gov/sec-cert.