Security Control Selection Phase 2

  • C&A analyst selects Recommended controls from NIST SP 800-53 base on the system categorization-Low, Moderate or High to develop the Security Control Baseline draft
  • C&A Analyst provides Draft of the Security Control Baseline to the information System Security Officer (ISSO) and the System Owner for review
  • ISSO and System Owner identify common controlHybrid controlsystem specific control and control Not applicable
  • The above process is called Tailoring of Security control baseline
  • Final Security Control Baseline is created after system owner and ISSO review and tailor the security control baseline
error: Content is protected !!