Public Law 107-347 Section III
Federal Information Security Management Act of 2002
December 2002
Homeland Security Presidential Directive #7
Critical Infrastructure Identification, Prioritization, and Protection
December 2003
OMB Circular A-130, Appendix III
Security of Federal Automated Information Resources
November 2003
FIPS Publication 199
Standards for Security Categorization of Federal Information and Information Systems
February 2004
Primary Contact: Ron Ross, (301) 975-5390
Alternate Contact: Stu Katzke, (301) 975-4768
FIPS Publication 200
Minimum Security Requirements for Federal Information and Information Systems
March 2006
Primary Contact: Ron Ross, (301) 975-5390
Alternate Contact: Arnold Johnson, (301) 975-3247
NIST Special Publication 800-18, Revision 1
Guide for Developing Security Plans for Federal Information Systems
February 2006
Primary Contact: Marianne Swanson, (301) 975-3293
Alternate Contact: Matt Scholl, (301) 975-2941
NIST Special Publication 800-30
Risk Management Guide for Information Technology Systems
July 2002
Primary Contact: Ron Ross, (301) 975-5390
Alternate Contact: Matt Scholl, (301) 975-2941
DRAFT Special Publication 800-37, Revision 1
Guide for Security Authorization of Federal Information Systems: A Security Lifecycle Approach (initial public draft)
August 2008
Primary Contact: Ron Ross, (301) 975-5390
Alternate Contact: Marianne Swanson, (301) 975-3293
NIST Special Publication 800-37
Guide for the Security Certification and Accreditation of Federal Information Systems
May 2004
Primary Contact: Ron Ross, (301) 975-5390
Alternate Contact: Marianne Swanson, (301) 975-3293
DRAFT Special Publication 800-39 (2nd Draft)
Managing Risk from Information Systems: An Organizational Perspective
April 2008
Primary Contact: Ron Ross, (301) 975-5390
Alternate Contact: Marianne Swanson, (301) 975-3293
NIST Special Publication 800-53, Revision 2
Recommended Security Controls for Federal Information Systems
December 2007
Primary Contact: Ron Ross, (301) 975-5390
Alternate Contact: Arnold Johnson, (301) 975-3247
Annex 1: Baseline Security Controls for Low-Impact Information Systems
Annex 2: Baseline Security Controls for Moderate-Impact Information Systems
Annex 3: Baseline Security Controls for High-Impact Information Systems
NIST Special Publication 800-53, Revision 1
Recommended Security Controls for Federal Information Systems
December 2006
Primary Contact: Ron Ross, (301) 975-5390
Alternate Contact: Arnold Johnson, (301) 975-3247
Annex 1: Baseline Security Controls for Low-Impact Information Systems
Annex 2: Baseline Security Controls for Moderate-Impact Information Systems
Annex 3: Baseline Security Controls for High-Impact Information Systems
NIST Special Publication 800-53A
Guide for Assessing the Security Controls in Federal Information Systems
June 2008
Primary Contact: Ron Ross, (301) 975-5390
Alternate Contact: Arnold Johnson, (301) 975-3247
NIST Special Publication 800-59
Guideline for Identifying an Information System as a National Security System
August 2003
Primary Contact: Curt Barker, (301) 975-8443
Alternate Contact: Arnold Johnson, (301) 975-3247
NIST Special Publication 800-60, Revision 1 VOLUME 1 of 2 (document)
Guide for Mapping Types of Information and Information Systems to Security Categories
August 2008
Primary Contact: Kevin Stine, (301) 975-4483
Alternate Contact: Arnold Johnson, (301) 975-3247
Special Publication 800-60 Revision 1 VOLUME 2 of 2 (Appendices)
Guide for Mapping Types of Information and Information Systems to Security Categories
August 2008
Primary Contact: Kevin Stine, (301) 975-4483
Alternate Contact: Arnold Johnson, (301) 975-3247
DRAFT NIST IR 7328
Security Assessment Provider Requirements and Customer Responsibilities: Building a Security Assessment Credentialing Program for Federal Information Systems
September 2007
Primary Contact: Arnold Johnson, (301) 975-3247
Presentations from the NIST Security Seminar on February 1, 2007
NIST Presentation - (black & white)
FDIC Presentation
Automated Security Support Tools: The Key to Successful FISMA Implementation
FISMA Information Security Poster
FISMA Implementation: The Strategy, Challenges, and Roadmap Ahead
Certification and Accreditation Tutorial
Memorandum For Record: Security Controls Assessment Form (SP 800-53A) [updated 05/24/07]