3.5.13 Maintain the System Security Category and Impact Levels -- 3.6 Chapter Summary -- References -- Chapter 4: Step 2-Select Security Controls -- 4.1 Understanding Control selection -- 4.2 Federal Information Processing Standard Publication 200 -- 4.3 Implementation of Step 2-Select Security Controls -- 4.4 Document Collection and Relationship Building -- 4.5 Select Initial Security Control Baselines and Minimum Assurance Requirements -- 4.6 Apply Scoping Guidance to Initial Baselines -- 4.7 Determine Need for Compensating Controls -- 4.8 Determine Organizational Parameters -- 4.9 Supplement Security Controls -- 4.10 Determine Assurance Measures for Minimum Assurance Requirements -- 4.11 Complete Security Plan -- 4.12 Develop Continuous Monitoring Strategy -- 4.13 Approval of Security Plan and Continuous Monitoring Strategy -- 4.14 Other Control Libraries -- 4.14.1 Control Objectives for Information and Related Technology (COBIT 5) -- 4.14.2 CIS Critical Security Controls -- 4.14.3 Industrial Automation and Control Systems Security Life Cycle -- 4.14.4 ISO/IEC 27001 -- 4.15 Chapter Summary -- Glossary -- References -- Chapter 5: Step 3- Implement Security Controls -- 5.1 Introduction -- 5.2 Implementation of the Security Controls Specified by the Security Plan -- 5.3 A System Perspective to Implementation -- 5.4 A Management Perspective to Implementation -- 5.5 Implementation via Security Life Cycle Management -- 5.6 Establishing Effective Security Implementation through Infrastructure Management -- 5.7 Finding the Fit: Security Implementation Projects and Organization Portfolios -- 5.8 Security Implementation Project Management -- 5.9 Document the Security Control Implementation in the Security Plan -- 5.10 Chapter Summary -- Glossary -- References -- Chapter 6: Step 4- Assess Security Controls -- 6.1 Understanding Security Control Assessment