
ABCI Consultants

Guidance for NIST 800-171 Assessment & Compliance


Tailoring Criteria (800-171 Appendix E)


TAILORING CRITERIA

Listing of moderate security control baseline and tailoring actions

This appendix from 800-171 (Appendix E) provides a complete listing of the security controls in the NIST Special Publication 800-53 moderate baseline, which, along with FIPS Publication 200, is one of the sources for the final CUI security requirements described in 800-171, Chapter Three.

Tables E-1 through E-17 of 800-171 contain the tailoring actions (by family) that have been carried out on the security controls in the moderate baseline in accordance with the tailoring criteria established by NIST and NARA. The tailoring actions facilitated the development of the CUI derived security requirements, which supplement the basic security requirements obtained from the security requirements in FIPS Publication 200.

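There are three primary criteria for eliminating a security control or control enhancement from the moderate baseline, listed below with the symbols FED, NCO and NFO. The CUI symbol marks a control or control enhancement that is reflected in a basic or derived security requirement.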

| TAILORING SYMBOL | TAILORING CRITERIA |
|---|---|
| CUI | Basic or derived security requirement is reflected in and is traceable to the security control, control enhancement, or specific elements of the control/enhancement. |
| FED | The control or control enhancement is uniquely federal (FED) (i.e., primarily the responsibility of the federal government). |
| NCO | The control or control enhancement is not directly related to protecting the confidentiality of CUI. |
| NFO | The control or control enhancement is expected to be routinely satisfied by nonfederal organizations without specification. |

Hosted by ABCI Consultants for Information Security Management Systems | Implementations, Training and Assessments for Compliance | (800) 644-2056