Citation[]
National Security Systems Instruction (CNSSI) 1253, Security Categorization and Control Selection for National Security Systems (Ver. 1) (Oct. 2009) (full-text); (Ver. 2) (Mar. 15, 2012) (full-text).
Overview[]
This document provides all Federal Government departments, agencies, bureaus, and offices with a process for security categorization of National Security Systems (NSS). It references a comprehensive set of security controls and enhancements that may be applied to any NSS.
CNSSI No. 1253 also provides tailoring guidance so that organizations may select a robust set of security controls to secure their NSS based on assessed risk.
This Instruction should be used as a tool by Information Systems Security Engineers, Authorizing Officials, Senior Information Security Officers, and others to select and agree upon appropriate protections for an NSS.
This Instruction derives its authority from National Security Directive 42 ("National Policy for the Security of National Security Telecommunications and Information Systems"), which outlines the roles and responsibilities for securing NSS, and applicable sections of the Federal Information Security Management Act of 2002 (FISMA).