NC State Security Controls Guidelines

Scope

This document was adapted, with permission, from NIST 800-53, which is available in PDF format from the National Institute of Standards and Technology Web site. This adaptation was a joint effort of three units at NC State University:

It provides guidelines for developing and implementing best-practice security controls for NC State information systems and is intended for use by all NC State information technology and information security personnel responsible for security management oversight, operational processes and technical security. The term “organization” is used in this document to mean either NC State University as a whole or an individual department or division within it.

Standards formula

The Federal Information Processing Standards (FIPS 199) formula will be employed to categorize information systems as low-impact, moderate-impact, or high-impact for the security objectives of confidentiality, integrity and availability.  The generalized format for expressing the security category (SC) of each information system is:

$\mathrm{SC}_{\text{information system}} = \{(\text{confidentiality}, \textit{impact}),\ (\text{integrity}, \textit{impact}),\ (\text{availability}, \textit{impact})\}$

The acceptable values for potential impact are Low, Moderate or High. The overall value of SC is the high-water mark of the three security objectives, that is, the highest of the impact values assigned to confidentiality, integrity and availability.

Information Systems Security Control Details

Below are links to each topic relating to IT security. On each of these pages is a series of security controls. For each control there is

 

Content reviewed on July 19, 2006 by Jeff Webster
Page last modified July 19, 2006 by cawalker