U.S. Department of Health and Human Services
Each family of controls has a group of standards that organizations must meet in order to ensure system security. These include standards for:
Identification and Authorization
Audit and Accountability
System and Communications Protection
The controls found in NIST SP 800-53 Rev.3 can be used as part of a risk assessment or security test and evaluation.
The implementation (or planned implementation) of these controls should be documented in the System Security Plan.
IT Administrators may be responsible for testing the controls, or implementing controls after an external/independent reviewer finds weaknesses
Page 3 of 5
Using Security Controls
IT Specialists and Technical Controls