U.S. Department of Health and Human Services
The security controls outlined by NIST SP 800-53 Rev.3 are used in combination with the low/moderate/high risk management guidance in FIPS 199, Standards for Security Categorization of Federal Information and Information Systems and FIPS 200, Minimum Security Requirements for Federal Information and Information Systems. HHS security procedures and practices reflect the NIST and FIPS recommendations and requirements.
Page 1 of 12
Security Control Selection
Purpose of NIST SP 800-53 Revision 3