Read the book The Official (ISC)2 CISSP CBK Reference - Leslie Fife, Aaron Kraus - Page 41
NIST 800-53
The National Institute of Standards and Technology is a nonregulatory agency of the U.S. Department of Commerce, whose mission is to promote innovation and industrial competitiveness by advancing standards and technologies. NIST publishes and manages a variety of special publications related to information security, cloud computing, and other technologies. NIST 800-53, “Security and Privacy Controls for Federal Information Systems and Organizations,” is NIST's massive security control framework. Though NIST 800-53 was initially created to aid U.S. government agencies in managing their security programs, it is widely regarded as one of the most comprehensive baselines of security controls and is referenced across many industries around the globe. NIST 800-53 defines hundreds of security controls across the following 18 control families:
Access control (AC)
Awareness and training (AT)
Audit and accountability (AU)
Security assessment and authorization (CA)
Configuration management (CM)
Contingency planning (CP)
Identification and authentication (IA)
Incident response (IR)
Maintenance (MA)
Media protection (MP)
Physical and environmental protection (PE)
Planning (PL)
Personnel security (PS)
Risk assessment (RA)
System and services acquisition (SA)
System and communications protection (SC)
System and information integrity (SI)
Program management (PM)
NOTE The latest revision of NIST 800-53, Rev. 5, was released in September 2020.