NIST 800-53

A comprehensive catalog of security and privacy controls published by NIST that federal agencies and organizations use to protect information systems.

Also known as: NIST SP 800-53, NIST Security Controls

What is NIST 800-53?

NIST Special Publication 800-53 provides a catalog of security and privacy controls for information systems and organizations. It's the primary security framework for US federal agencies and is widely adopted by private sector organizations as a comprehensive security baseline.

Control Families (Rev. 5)

  1. Access Control (AC)
  2. Awareness and Training (AT)
  3. Audit and Accountability (AU)
  4. Assessment, Authorization (CA)
  5. Configuration Management (CM)
  6. Contingency Planning (CP)
  7. Identification and Authentication (IA)
  8. Incident Response (IR)
  9. Maintenance (MA)
  10. Media Protection (MP)
  11. Physical and Environmental (PE)
  12. Planning (PL)
  13. Program Management (PM)
  14. Personnel Security (PS)
  15. PII Processing (PT) (new in Rev. 5)
  16. Risk Assessment (RA)
  17. System and Services Acquisition (SA)
  18. System and Communications (SC)
  19. System and Information Integrity (SI)
  20. Supply Chain Risk Management (SR) (new in Rev. 5)

Control Baselines

  • Low Impact: Basic controls
  • Moderate Impact: Enhanced controls
  • High Impact: Comprehensive controls

Key Changes in Rev. 5

  • Outcome-based control language
  • Privacy controls integrated
  • Supply chain risk management
  • State-of-the-practice updates
  • Flexible implementation