01012nas a2200109   4500000000100000008004100001260001500042100001600057245006400073856007800137520068700215       2020                            d  c2020-10-281 aJOINT FORCE00aControl Baselines for Information Systems and Organizations  uhttps://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53B.pdf3 aThis publication provides security and privacy control baselines for the Federal Government.
There are three security control baselines (one for each system impact level—low-impact,
moderate-impact, and high-impact), as well as a privacy baseline that is applied to systems
irrespective of impact level. In addition to the control baselines, this publication provides
tailoring guidance and a set of working assumptions that help guide and inform the control
selection process. Finally, this publication provides guidance on the development of overlays to
facilitate control baseline customization for specific communities of interest, technologies, and
environments of operation.