NIST 800-53

Security and Privacy Controls for Information Systems

NIST Special Publication 800-53 provides a catalog of security and privacy controls for federal information systems and organizations.

Control Families

  • Access Control (AC) - Managing system access
  • Awareness and Training (AT) - Security awareness
  • Audit and Accountability (AU) - Audit capabilities
  • Assessment, Authorization, and Monitoring (CA) - Security assessments
  • Configuration Management (CM) - System configurations
  • Contingency Planning (CP) - Continuity of operations
  • Identification and Authentication (IA) - Identity verification
  • Incident Response (IR) - Incident handling
  • Maintenance (MA) - System maintenance
  • Media Protection (MP) - Media safeguarding
  • Physical and Environmental Protection (PE) - Physical security
  • Planning (PL) - Security planning
  • Program Management (PM) - Enterprise security program
  • Personnel Security (PS) - Personnel screening
  • PII Processing and Transparency (PT) - Privacy controls
  • Risk Assessment (RA) - Risk analysis
  • System and Services Acquisition (SA) - System development
  • System and Communications Protection (SC) - Communications security
  • System and Information Integrity (SI) - Information integrity
  • Supply Chain Risk Management (SR) - Supply chain security

Control Baselines

  • Low impact baseline
  • Moderate impact baseline
  • High impact baseline
  • Privacy control baseline