An official website of the United States government
Here’s how you know
Official websites use .gov
A .gov website belongs to an official government organization in the United States.
Secure .gov websites use HTTPS
A lock (
) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.
Federal Information Technology Security Assessment Framework
Published
Author(s)
E Roback
Abstract
[Prepared for the CIO Council's Security, Privacy, and Critical Infrastructure Committee] The Federal Information Technology (IT) Security Assessment Framework (or Framework) provides a method for agency officials to 1) determine the current status of their security programs relative to existing policy and 2) where necessary, establish a target for improvement. It does not establish new security requirements. The Framework may be used to assess the status of security controls for a given asset or collection of assets. These assets include information, individual systems (e.g., major applications, general support systems, mission critical systems), or a logically related grouping of systems that support operational programs, or operational programs (e.g., Air Traffic Control, Medicare, Student Aid). Assessing all asset security controls and all interconnected systems that the asset depends on produces a picture of both the security condition of an agency component and of the entire agency.
Roback, E.
(2000),
Federal Information Technology Security Assessment Framework, CSRC, [online], https://tsapps.nist.gov/publication/get_pdf.cfm?pub_id=918351, http://csrc.nist.gov
(Accessed October 31, 2024)