United States has created law which ensures that minimum requirements to implement information security. It is made compulsory for the federal government to comply with this law to secure their information systems. FISMA which is the federal institute of standards and technology empower NIST (the national institute of standards and technology) to determine the technology needs or requirements.
These requirements are illustrated in FIPS 200( federal information Processing Standard) which is the minimum security needs of federal information and information systems. This further cite the NIST publication 800-53. This publication includes the minimum-security controls which should be implemented by the federal agencies.
NIST SP 800-53 has gone through many modifications and changes and several revisions has been released for more developed cybersecurity framework. There have been for revisions of NIST SP 800-53 and the latest one is also known as NIST SP 800-53r4.
The goal and basic idea of NIST SP 800-53 is to determine the cybersecurity principles and guidelines for U.S federal government agencies and information systems. These rules and standards are also implemented by the private sector because it addresses the best practices of cybersecurity in industry.
Due to the increasing risks to the confidentiality , integrity of information systems, there is a need of more security controls to protect the system. So the revisions 4 for SP 800-53 provides the baselines of security controls as the basis for the security control selection process. These baselines are selected according to the security sections and their consequences level related to information systems as portrayed in FIPS 200 and FIPS 199.