Recommended Security Controls for Federal Information Systems and Organizations
NIST SP 800-53 provides detailed security controls with which services provided to American federal organizations should comply. The FedRAMP program is a cloud-related update based on this recommendation.
The standard uses the following structure to group its controls:
For example, the control 'SI-9' is aimed at application security, requiring all information systems to deploy authorization controls limiting the input of information.
“The purpose of this publication is to provide guidelines for selecting and specifying security controls for information systems supporting the executive agencies of the federal government to meet the requirements of FIPS 200, Minimum Security Requirements for Federal Information and Information Systems. The guidelines apply to all components of an information system that process, store, or transmit federal information.”