What guidance identifies federal information security controls?

The guidance that identifies federal information security controls is National Institute of Standards and Technology (NIST) Special Publication 800-53. This publication provides guidelines on how an organization can determine the adequacy of in-place security controls, policies, and measures. The Federal Information Security Management Act (FISMA) is related legislation that assigns responsibilities to various agencies to ensure the security of data in the federal government. FISMA defines a framework of guidelines and security standards to ensure that risks are kept at or below specified acceptable levels in a cost-effective, timely, and efficient manner. NIST outlines numerous steps toward compliance with FISMA, including risk categorization, selecting minimum baseline controls, and documenting the controls in the system security plan.