Spotlight
Authorizing Official Program Guidance Documents
Unless otherwise noted, the most recent version of each document available 180 days prior to submission should be utilized.
- Determine if the system is or will be a National Security System (NSS)
- National Institute of Standards & Technology (NIST) Special Publication (SP) 800-59, “Guideline for Identifying an Information System as a National Security System”
- “National Security System Identification Checklist” Appendix A
- National Institute of Standards & Technology (NIST) Special Publication (SP) 800-59, “Guideline for Identifying an Information System as a National Security System”
- Risk Assessment
- NIST SP 800-30, “Guide for Conducting Risk Assessments”
- Security Categorization
- NIST Federal Information Processing Standards (FIPS) Publication (PUB) 199 “Standards for Security Categorization of Federal Information and Information Systems”
- NIST FIPS PUB 200 “Minimum Security Requirements for Federal Information and Information Systems”
- Information System Security Plan
- NIST SP 800-18, “Guide for Developing Security Plans for Federal Information Systems”
- NIST SP 800-37, “Risk Management Framework for Information Systems and Organizations: A System Life Cycle Approach for Security and Privacy”
- NIST SP 800-39, “Managing Information Security Risk”
- NIST SP 800-53, “Security and Privacy Controls for Information Systems and Organizations”
- NIST SP 800-53B, “Control Baselines for Information Systems and Organizations”
- CNSS Policy (CNSSP) No. 18, “National Policy for Classified Information Spillage”
- Committee on National Security Systems Instruction (CNSSI) No. 1253, “Security Categorization and Control Selection for National Security Systems”
- CNSSI No. 1253E Attachment 5, “Classified Systems Overlay”
Page Last Reviewed/Updated Monday, August 04, 2025
Page Last Reviewed/Updated Monday, August 04, 2025