NOTE: NIST Special Publication 800-26 was superseded by NIST Special Publication 800-53 (Rev. 3) and the NIST Special Publication 800-53A (Rev. 1). Agencies are required to use FIPS 200/NIST Special Publication 800-53 for the specification of security controls and NIST Special Publication 800-53A for the assessment of security control effectiveness.
This document built on the Federal IT Security Assessment Framework (Framework) developed by NIST for the Federal Chief Information Officers Council. The Framework established the groundwork for standardizing on five levels of security status and criteria agencies could use to determine if the five levels were adequately implemented. This document provided guidance on applying the Framework by identifying 17 control areas, such as those pertaining to identification and authentication and contingency planning. In addition, the guide provided control objectives and techniques that could be measured for each area.