Getting More Bang for the Buck

FISMA boils down to the 17 security control areas found in NIST Special Publication 800-53: Minimum Security Controls for Federal Information Systems.

Each control area contains numerous requirements, based on the sensitivity level of the system.

However, three areas are key—Risk Assessment, Configuration Management, and Access Control.


Management Controls

RA – Risk Assessment

PL – Planning

SA – System and Services Acquisition

CA – Certification, Accreditation, and Security Assessments

Operational Controls

PS – Personnel Security

PE – Physical and Environmental Protection

CP – Contingency Planning

CM – Configuration Management

MA – Maintenance

SI – System and Information Integrity

MP – Media Protection

IR – Incident Response

AT – Awareness and Training

Technical Controls

IA – Identification and Authentication

AC – Access Control

AU – Audit and Accountability

SC – System and Communications Protection