
Security Architecture

MIS 5214 - Section 001 - David Lanter

MIS 5214.951 ■ Spring 2023 ■ Jose Gomez
NIST SP 800-53r4: Security and Privacy Controls for Federal Information Systems and Organizations

January 1, 2024 by Jose Gomez 3 Comments

Post your thoughtful analysis about one key point you took from this assigned reading.

Filed Under: 2b - Cryptography

Comments

  1. Chenhao Zhang says

    March 1, 2024 at 10:49 am

    NIST SP 800-53r4, “Security and Privacy Controls for Federal Information Systems and Organizations,” is a comprehensive guide that provides a framework for federal agencies to select and implement security and privacy controls for their information systems and organizations.

    Here are some key elements of NIST SP 800-53r4:

      • Security and Privacy Controls Catalog: The document includes a catalog of security and privacy controls that agencies can use to address specific security requirements. These controls are organized into families such as access control, audit and accountability, awareness and training, configuration management, identification and authentication, incident response, maintenance, media protection, personnel security, physical and environmental security, planning, program management, recovery, risk assessment, and system and services acquisition.
      • Control Baselines: NIST SP 800-53r4 defines several control baselines that agencies can adopt based on their specific needs and risk tolerances. These baselines include a low baseline, a moderate baseline, and a high baseline, each with a corresponding set of security and privacy controls.
      • Integration with Other Frameworks: The document provides guidance on how to integrate NIST SP 800-53r4 with other frameworks and standards, such as the Risk Management Framework (RMF) and the Federal Information Processing Standards (FIPS).
      • Updated Controls and Enhancements: NIST SP 800-53r4 includes updated controls and enhancements to address evolving cyber threats and best practices. These updates reflect lessons learned from past incidents, new security technologies, and evolving privacy requirements.
      • Focus on Privacy: In addition to traditional security controls, the document also includes a focus on privacy controls to address the protection of personally identifiable information (PII) and other sensitive data.

    To implement the controls outlined in NIST SP 800-53r4, agencies are expected to conduct a thorough risk assessment, develop a security plan, and implement the appropriate controls based on their risk tolerance and business needs. Agencies are also encouraged to continuously monitor and evaluate their security controls to ensure they remain effective and up to date.

  2. Yi Liu says

    March 3, 2024 at 11:38 am

    One key point I took from this assigned reading is its focus on security controls. These controls are the safeguards and countermeasures that are prescribed for information systems to protect the confidentiality, integrity, and availability of the information that these systems process, store, and transmit.
    The document emphasizes that the selection and implementation of these security controls are critical tasks with major implications for the operations and assets of organizations, the welfare of individuals, and national security. The controls are part of a broader risk management process that includes identifying and mitigating risks and monitoring these on an ongoing basis.

  3. Yi Liu says

    March 3, 2024 at 12:00 pm

    In today’s environment of complex information technology infrastructure and high-visibility, mission-critical applications, performing security control assessments and privacy control assessments can be difficult, challenging, and resource intensive. Security and privacy control assessments may be conducted by different organizational entities with different oversight responsibilities. The key to success, however, is the cooperation and collaboration of all parties with a stake. Establishing an appropriate set of expectations before, during, and after an evaluation is critical to achieving an acceptable outcome, that is, producing the information needed to help empower officials to make reliable risk-based decisions about whether to put an information system into operation or to continue operating it.

