NIEF Minimal Security Controls Profile for Key Asset and Critical Infrastructure Protection Data, v1.0
Minimal profile of security controls from NIST Special Publication 800-53 r4 for systems that handle the Key Asset and Critical Infrastructure Protection information type, as defined by NIST Special Publication 800-60, Volume II, Revision 1, Section D.2.2. Key Asset and Critical Infrastructure Protection involves assessing key asset and critical infrastructure vulnerabilities and taking direct action to mitigate vulnerabilities, enhance security, and ensure continuity and necessary redundancy in government operations and personnel. The Critical Infrastructure Information Protection Act of 2002 (6 U.S.C. 131-134) places specific controls on the dissemination of critical infrastructure information (see Volume I, 184.108.40.206). Under the provisions of Executive Order 13292, some anti-terrorism information is subject to security classification. National security information is outside the scope of this guideline. Systems that handle Key Asset and Critical Infrastructure Protection information should operate at an impact level of HIGH confidentiality, HIGH integrity, and HIGH availability, as recommended by NIST.
Key Asset and Critical Infrastructure Protection
This document and the information contained herein is provided on an "AS IS" basis, and NIEF disclaims all warranties, express or implied, including but not limited to any warranty that the use of the information herein will not infringe any rights or any implied warranties or merchantability or fitness for a particular purpose. In addition, NIEF disclaims legal liability for any loss incurred as a result of the use or reliance on the document or the information contained herein.
NIEF Minimal Set of Security Controls for Systems with a HIGH-HIGH-HIGH Risk Profile, v1.0
|Minimal profile of security controls from NIST Special Publication 800-53 r4 for systems that need to operate at a HIGH-HIGH-HIGH impact level, as recommended by NIEF. Pertains to systems that operate at HIGH confidentiality, HIGH integrity, and HIGH availability. Includes only those applicable security controls from NIST SP 800-53 r4 that have been marked by NIST as Priority P1. Incorporates security control downgrading guidance, as appropriate, based on recommendations on page 35 of NIST SP 800-53 r4.
|NIST Special Publication 800-53 Revision 4, Security and Privacy Controls for Federal Information Systems and Organizations, National Institute of Standards and Technology, April 2013 (Includes updates as of 01-15-2014). Available at http://dx.doi.org/10.6028/NIST.SP.800-53r4.
|National Identity Exchange Federation
|NIST Special Publication 800-60 Volume I, Revision 1, Guide for Mapping Types of Information and Information Systems to Security Categories, National Institute of Standards and Technology, August 2008. Available at https://doi.org/10.6028/NIST.SP.800-60v1r1.
|NIST Special Publication 800-60 Volume II, Revision 1, Appendices to Guide for Mapping Types of Information and Information Systems to Security Categories, National Institute of Standards and Technology, August 2008. Available at https://doi.org/10.6028/NIST.SP.800-60v2r1.
|Just a spreadsheet test.