Security Self-Assessment Guide for Information Technology Systems

There are many methods and tools for agency officials to help determine the current status of their security programs relative to existing policy. Ideally, many of these methods and tools would be implemented on an ongoing basis to systematically identify programmatic weaknesses and, where necessary, establish targets for continuing improvement. This document provides a method to evaluate the security of unclassified systems or groups of systems; it guides the reader in performing an IT security self-assessment. Additionally, the document provides guidance on utilizing the results of the system self-assessment to ascertain the status of the agency-wide security program. The results are obtained in a form that can readily be used to determine which of the five levels specified in the Federal IT Security Assessment Framework the agency has achieved for each topic area covered in the questionnaire. The goal of this document is to provide a standardized approach to assessing a system. This document strives to blend the control objectives found in the many requirement and guidance documents. To assist the reader, a reference source is listed after each control objective question listed in the questionnaire.

Report Number:
NIST Special Publication 800-26
Public Domain