Skip to main content
U.S. flag

An official website of the United States government

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

Guide for Developing Security Plans for Information Technology Systems

Published

Author(s)

Marianne M. Swanson

Abstract

[Superseded by SP 800-18 Revision 1 (February 2006): http://www.nist.gov/manuscript-publication-search.cfm?pub_id=150601] Today's rapidly changing technical environment requires federal agencies to adopt a minimum set of management controls to protect their information technology (IT) resources. These management controls are directed at individual information technology users in order to reflect the distributed nature of today's technology. Technical and operational controls support management controls. To be effective, these controls all must interrelate. This document provides a guideline for federal agencies to follow when developing the security plans that document the management, technical, and operational controls for federal automated information systems.
Citation
Special Publication (NIST SP) - 800-18
Report Number
800-18

Keywords

computer security, security management controls, security plans

Citation

Swanson, M. (1998), Guide for Developing Security Plans for Information Technology Systems, Special Publication (NIST SP), National Institute of Standards and Technology, Gaithersburg, MD (Accessed October 31, 2024)

Issues

If you have any questions about this publication or are having problems accessing it, please contact reflib@nist.gov.

Created December 1, 1998, Updated February 19, 2017