Information Technology Reference
In-Depth Information
Table D.1 presents SMP categories, and Table D.2 presents an SMP framework
and an interpretation guide template based on NIST SP 800-53. The control
summary verbiage is almost verbatim from the NIST document. The actual NIST SP
800-53 document contains much more detail. The interpretation column provides
an organization-specific summary of what the control means to the
organization. Often, security professionals within the same organization will
interpret guidance differently. The interpretation guide provides a consistent,
organizationally accepted interpretation.
Table D.1
SMP Categories (Based on SP 800-53)

| Control Reference | Category | Summary | Interpretation |
|---|---|---|---|
| AC | Access control technical | Intentionally left blank | Intentionally left blank |
| AT | Awareness and training | | |
| AU | Audit and accountability | | |
| CA | Certification, accreditation, and security assessments | | |
| CM | Configuration management | | |
| CP | Contingency planning | | |
| IA | Identification and authentication | | |
| IR | Incident response | | |
| MA | Maintenance | | |
| MP | Media protection | | |
| PE | Physical and environmental protection | | |
| PL | Planning | | |
| PS | Personnel security | | |
| RA | Risk assessment | | |
| SA | System and services acquisition | | |
| SC | System and communications protection | | |
| SI | System and information integrity | | |
 