Tailoring (assessment Procedures)
Tailoring (assessment Procedures): The process by which a security control baseline is modified based on (i) the application of scoping guidance, (ii) the…
Definition
The process by which a security control baseline is modified based on (i) the application of scoping guidance, (ii) the specification of compensating security controls, if needed, and (iii) the specification of organization-defined parameters in the security controls via explicit assignment and selection statements.
Alternative Definitions
- Definition 2
The process by which a security control baseline is modified based on: (i) the application of scoping guidance; (ii) the specification of compensating security controls, if needed; and (iii) the specification of organization-defined parameters in the security controls via explicit assignment and selection statements. (SP 800-37; SP 800-53; SP 800-53A; CNSSI-4009) (NISTIR)
- Definition 3
The process by which assessment procedures defined in Special Publication 800-53A are adjusted, or scoped, to match the characteristics of the information system under assessment, providing organizations with the flexibility needed to meet specific organizational requirements and to avoid overly-constrained assessment approaches. (SP 800-53A) (NISTIR)