NIST 800-53 r5
Security and Privacy Controls for Information Systems and Organizations
Overview
NIST Special Publication 800-53 Revision 5 provides a comprehensive catalog of security and privacy controls for federal information systems and organizations. It's designed to protect organizational operations, assets, individuals, other organizations, and the Nation from cyber threats.
Revision 5 introduces:
- Expanded privacy controls
- Supply chain risk management controls
- Updated control families
- Enhanced baseline controls
20 Control Families
- AC - Access Control
- AT - Awareness and Training
- AU - Audit and Accountability
- CA - Assessment, Authorization
- CM - Configuration Management
- CP - Contingency Planning
- IA - Identification and Authentication
- IR - Incident Response
- MA - Maintenance
- MP - Media Protection
- PE - Physical and Environmental Protection
- PL - Planning
- PM - Program Management
- PS - Personnel Security
- PT - PII Processing and Transparency
- RA - Risk Assessment
- SA - System and Services Acquisition
- SC - System and Communications Protection
- SI - System and Information Integrity
- SR - Supply Chain Risk Management
Security Control Baselines
| Baseline | Impact Level | Description |
|---|---|---|
| Low | Low | Minimum security controls for low-impact systems |
| Moderate | Moderate | Standard security controls for moderate-impact systems |
| High | High | Most comprehensive controls for high-impact systems |
| Privacy | All | Additional privacy-focused controls |