01179nas a2200109   4500000000100000008004100001260001500042100001600057245008500073856008000158520083100238       2022                            d  c2022-01-251 aJoint Force00aAssessing Security and Privacy Controls in Information Systems and Organizations  uhttps://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53Ar5.pdf3 aThis publication provides a methodology and set of procedures for conducting assessments of
security and privacy controls employed within systems and organizations within an effective risk
management framework. The assessment procedures, executed at various phases of the system
development life cycle, are consistent with the security and privacy controls in NIST Special
Publication 800-53, Revision 5. The procedures are customizable and can be easily tailored to
provide organizations with the needed flexibility to conduct security and privacy control
assessments that support organizational risk management processes and are aligned with the
stated risk tolerance of the organization. Information on building effective security and privacy
assessment plans is also provided with guidance on analyzing assessment results.