
ABCI Consultants

Guidance for NIST 800-171 Assessment & Compliance


APPENDIX E: TAILORING CRITERIA


LISTING OF MODERATE SECURITY CONTROL BASELINE AND TAILORING ACTIONS

This appendix provides a complete listing of the security controls in the NIST Special Publication 800-53 moderate baseline, which, together with FIPS Publication 200, is the source of the final CUI security requirements described in Chapter Three. Tables E-1 through E-17 contain the tailoring actions (by family) that have been carried out on the security controls in the moderate baseline in accordance with the tailoring criteria established by NIST and NARA [31]. The tailoring actions produced the CUI derived security requirements, which supplement the basic security requirements obtained from FIPS Publication 200 [32].

There are three primary criteria for eliminating a security control or control enhancement from the moderate baseline:

• The control or control enhancement is uniquely federal (i.e., primarily the responsibility of the federal government);

• The control or control enhancement is not directly related to protecting the confidentiality of CUI [33]; or

• The control or control enhancement is expected to be routinely satisfied by nonfederal organizations without specification [34].

A control eliminated under the third criterion is dropped from the CUI requirement set because it is assumed to already be in place in a nonfederal organization, not because it is unnecessary.

The following symbols are used in Tables E-1 through E-17 to indicate the tailoring action taken on each control, or (for the CUI symbol) that the control was retained because a CUI basic or derived requirement is traceable to it.

TAILORING SYMBOL   TAILORING CRITERIA

NCO                Not directly related to protecting the confidentiality of CUI.

FED                Uniquely federal, primarily the responsibility of the federal government.

NFO                Expected to be routinely satisfied by nonfederal organizations without specification.

CUI                The CUI basic or derived security requirement is reflected in and is traceable to the security control, control enhancement, or specific elements of the control/enhancement.


Hosted by ABCI Consultants for Information Security Management Systems | Implementations, Training and Assessments for Compliance | (800) 644-2056