This repository/site is used for the organization and collaborative creation and management of the various Controls and System Documentation used to inform a Federal Agency Project's Authorization to Operate (ATO). Documentation is structured in accordance with GSA's Lightweight ATO or (LATO) for a FIMSA Compliance utilizing NIST standard format 800 (NIST 800 rev.4 - See Data and Docs directory for all referenced materials). The site provides a minimalist approach to separately managing Security Documentation across and amongst teams and boundaries.
NIST SP 800-53 Control Families
- AC - Access Control
- AU - Audit and Accountability
- AT - Awareness and Training
- CM - Configuration Management
- CP - Contingency Planning
- IA - Identification and Authentication
- IR - Incident Response
- MA - Maintenance
- MP - Media Protection
- PS - Personnel Security
- PE - Physical and Environmental Protection
- PL - Planning
- PM - Program Management
- RA - Risk Assessment
- CA - Security Assessment and Authorization
- SC - System and Communications Protection
- SI - System and Information Integrity
- SA - System and Services Acquisition