SP 800-53r5 | SP 800 | Final | publication
SP 800-53 Rev. 5 - Security and Privacy Controls for Information Systems and Organizations
Provides a comprehensive catalog of security and privacy controls for federal information systems and organizations. Serves as the foundational control set referenced by the Risk Management Framework and many compliance programs.
Publication Number: 800-53
Series: SP 800
Revision: 5
Status: Final
Date: 2020-09
security controls, privacy controls, access control, risk management, compliance
References (35)
SP 800-53Ar5: SP 800-53A Rev. 5 - Assessing Security and Privacy Controls in Information Systems and Organizations
SP 800-53B: SP 800-53B - Control Baselines for Information Systems and Organizations
FIPS 199: FIPS 199 - Standards for Security Categorization of Federal Information and Information Systems
FIPS 200: FIPS 200 - Minimum Security Requirements for Federal Information and Information Systems
SP 800-37r2: SP 800-37 Rev. 2 - Risk Management Framework for Information Systems and Organizations
SP 800-30r1: SP 800-30 Rev. 1 - Guide for Conducting Risk Assessments
SP 800-39: SP 800-39 - Managing Information Security Risk
SP 800-128: SP 800-128 - Guide for Security-Focused Configuration Management of Information Systems
SP 800-61r3: SP 800-61 Rev. 3 - Incident Handling Guide
SP 800-88r1: SP 800-88 Rev. 1 - Guidelines for Media Sanitization
SP 800-115: SP 800-115 - Technical Guide to Information Security Testing and Assessment
SP 800-175Br1: SP 800-175B Rev. 1 - Guideline for Using Cryptographic Standards in the Federal Government
FIPS 140-3: FIPS 140-3 - Security Requirements for Cryptographic Modules
SP 800-171r3: SP 800-171 Rev. 3 - Protecting Controlled Unclassified Information in Nonfederal Systems and Organizations
SP 800-172r3: SP 800-172 Rev. 3 - Enhanced Security Requirements for Protecting Controlled Unclassified Information
CSF 2.0: NIST Cybersecurity Framework (CSF) 2.0
Privacy FW: NIST Privacy Framework: A Tool for Improving Privacy Through Enterprise Risk Management, Version 1.0
AI RMF 1.0: Artificial Intelligence Risk Management Framework (AI RMF 1.0)
SP 800-181r1: SP 800-181 Rev. 1 - Workforce Framework for Cybersecurity (NICE Framework)
SP 800-160v1r1: SP 800-160 Vol. 1 Rev. 1 - Engineering Trustworthy Secure Systems
SP 800-160v2r1: SP 800-160 Vol. 2 Rev. 1 - Developing Cyber-Resilient Systems
SP 800-161r1: SP 800-161 Rev. 1 - Cybersecurity Supply Chain Risk Management Practices
SP 800-207: SP 800-207 - Zero Trust Architecture
OSCAL: Open Security Controls Assessment Language (OSCAL)
SP 800-218: SP 800-218 - Secure Software Development Framework (SSDF)
SP 1800-35: SP 1800-35 - Implementing a Zero Trust Architecture
SP 1800-5: SP 1800-5 - IT Asset Management
SP 1800-11: SP 1800-11 - Data Integrity: Recovering from Ransomware and Other Destructive Events
SP 1800-25: SP 1800-25 - Data Integrity: Identifying and Protecting Assets Against Ransomware
SP 1800-26: SP 1800-26 - Data Integrity: Detecting and Responding to Ransomware and Other Destructive Events
NISTIR 8374: NISTIR 8374 - Cybersecurity Framework Profile for Ransomware Risk Management
SP 800-40r4: SP 800-40 Rev. 4 - Guide to Enterprise Patch Management Planning
SP 800-137r1: SP 800-137 Rev. 1 - Information Security Continuous Monitoring (ISCM) for Federal Information Systems and Organizations
NISTIR 8596: NISTIR 8596 - Cybersecurity Framework Profile for Artificial Intelligence (Cyber AI Profile)
NISTIR 8170: NISTIR 8170 - Approaches for Federal Agencies to Use the Cybersecurity Framework
Companion Documents (2)
Implementations (8)
SP 1800-5: SP 1800-5 - IT Asset Management
SP 1800-10: SP 1800-10 - Protecting Information System Integrity in Automated Manufacturing Environments
SP 1800-11: SP 1800-11 - Data Integrity: Recovering from Ransomware and Other Destructive Events
SP 1800-25: SP 1800-25 - Data Integrity: Identifying and Protecting Assets Against Ransomware
SP 1800-26: SP 1800-26 - Data Integrity: Detecting and Responding to Ransomware and Other Destructive Events
SP 1800-27: SP 1800-27 - Securing Property Management Systems
SP 1800-34: SP 1800-34 - Validating the Integrity of Computing Devices
OSCAL: Open Security Controls Assessment Language (OSCAL)
Control Families (20)
AC: Access Control (AC)
AT: Awareness and Training (AT)
AU: Audit and Accountability (AU)
CA: Assessment, Authorization, and Monitoring (CA)
CM: Configuration Management (CM)
CP: Contingency Planning (CP)
IA: Identification and Authentication (IA)
IR: Incident Response (IR)
MA: Maintenance (MA)
MP: Media Protection (MP)
PE: Physical and Environmental Protection (PE)
PL: Planning (PL)
PM: Program Management (PM)
PS: Personnel Security (PS)
PT: Personally Identifiable Information Processing and Transparency (PT)
RA: Risk Assessment (RA)
SA: System and Services Acquisition (SA)
SC: System and Communications Protection (SC)
SI: System and Information Integrity (SI)
SR: Supply Chain Risk Management (SR)