This state IT standard specifies the minimum requirements for information security in all agencies and identifies the National Institute of Standards and Technology (NIST) Special Publication (SP) 800-53 (Revision 4), “Security and Privacy Controls for Federal Information Systems and Organizations,” as the framework for information security controls implementation for the state.