NIST SP 800-53 Rev. 5 — Security and Privacy Controls for Information Systems
NIST Special Publication 800-53 Revision 5 is the most comprehensive catalogue of security and privacy controls for information systems. With 1,189 controls across 20 families, it is the authoritative reference for federal agencies under FISMA and is widely adopted by private-sector organisations. Rev. 5 expanded the scope beyond federal systems to all organisations.
At a glance: 1,189 controls; 20 families; 4 baselines; mandatory under FISMA.
Control family highlights:
- Account management, access enforcement, separation of duties, and identification and authentication policies for users, devices, and services.
- Audit content and review, security assessment, system authorization, and continuous monitoring plan requirements.
- Baseline configuration management, change control, least functionality enforcement, and system maintenance controls.
- Incident handling, monitoring, and reporting; contingency planning, alternate processing sites, and recovery testing.
- Risk assessments, vulnerability scanning and remediation, supply chain risk management, and component authenticity verification.
Applying the catalogue to a system follows these steps:
1. Apply FIPS 199/200 to determine the system impact level (Low, Moderate, or High) from the impact ratings assigned to confidentiality, integrity, and availability.
2. Select the appropriate control baseline from SP 800-53B (Low, Moderate, High, or Privacy baseline).
3. Tailor the baseline by scoping out, compensating for, or supplementing controls based on the organisational risk assessment.
4. Implement controls across all applicable families, documenting implementation details in the System Security Plan (SSP).
5. Assess control effectiveness using the SP 800-53A assessment procedures and document the findings.
6. Obtain an Authority to Operate (ATO) and establish continuous monitoring per control family requirements.
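The following Python block is an added example, not part of this page or of any NIST publication. It carries steps 1 to 4 above through code: the FIPS 199 high-water mark picks the impact level, a baseline is selected for that level, tailoring decisions (scope out, compensate, supplement) are recorded with their rationale, and the result is emitted as SSP-style entries. The `BASELINES` table, the control-to-baseline allocations in it, and every rationale string are constructed for illustration and do not reproduce SP 800-53B; a real tool would load the published baselines.

```python
from dataclasses import dataclass, field

# FIPS 199 impact ratings, lowest to highest
LEVELS = ("LOW", "MODERATE", "HIGH")


def high_water_mark(confidentiality: str, integrity: str, availability: str) -> str:
    """FIPS 199 high-water mark: the system impact level is the highest
    rating assigned to any of the three security objectives."""
    ratings = [r.upper() for r in (confidentiality, integrity, availability)]
    for rating in ratings:
        if rating not in LEVELS:
            raise ValueError(f"unknown impact rating: {rating!r}")
    return max(ratings, key=LEVELS.index)


# Constructed baseline subset for illustration only. This is NOT the
# allocation published in SP 800-53B; load the real baselines in practice.
BASELINES = {
    "LOW": {"AC-2", "AC-3", "AU-2", "CM-2", "CP-2", "IR-4", "RA-5"},
    "MODERATE": {"AC-2", "AC-2(1)", "AC-3", "AU-2", "CM-2", "CM-7",
                 "CP-2", "CP-7", "IR-4", "RA-5", "RA-5(2)"},
    "HIGH": {"AC-2", "AC-2(1)", "AC-2(2)", "AC-3", "AU-2", "CM-2", "CM-7",
             "CP-2", "CP-7", "CP-7(1)", "IR-4", "IR-4(1)", "RA-5", "RA-5(2)"},
}


@dataclass
class TailoredBaseline:
    """Records each tailoring decision with the rationale the SSP must carry."""
    impact_level: str
    baseline: frozenset
    scoped_out: dict = field(default_factory=dict)    # control -> rationale
    compensating: dict = field(default_factory=dict)  # control -> (replacement, rationale)
    supplemented: dict = field(default_factory=dict)  # added control -> rationale

    def _require_in_baseline(self, control: str) -> None:
        if control not in self.baseline:
            raise KeyError(f"{control} is not in the {self.impact_level} baseline")

    def scope_out(self, control: str, rationale: str) -> None:
        """Remove a baseline control that does not apply, with justification."""
        self._require_in_baseline(control)
        self.scoped_out[control] = rationale

    def compensate(self, control: str, replacement: str, rationale: str) -> None:
        """Replace a baseline control with a compensating control."""
        self._require_in_baseline(control)
        self.compensating[control] = (replacement, rationale)

    def supplement(self, control: str, rationale: str) -> None:
        """Add a control beyond the baseline because the risk assessment calls for it."""
        self.supplemented[control] = rationale

    def tailored_controls(self) -> frozenset:
        removed = set(self.scoped_out) | set(self.compensating)
        added = {rep for rep, _ in self.compensating.values()} | set(self.supplemented)
        return frozenset((self.baseline - removed) | added)

    def ssp_entries(self) -> list:
        """One row per control for the System Security Plan, including the
        scoped-out controls so the omission is documented, not silent."""
        by_replacement = {rep: orig for orig, (rep, _) in self.compensating.items()}
        rows = []
        for control in sorted(self.tailored_controls()):
            if control in self.supplemented:
                rows.append({"control": control, "source": "supplemented",
                             "rationale": self.supplemented[control]})
            elif control in by_replacement:
                orig = by_replacement[control]
                rows.append({"control": control, "source": f"compensating for {orig}",
                             "rationale": self.compensating[orig][1]})
            else:
                rows.append({"control": control, "source": f"{self.impact_level} baseline",
                             "rationale": ""})
        for control, why in sorted(self.scoped_out.items()):
            rows.append({"control": control, "source": "scoped out", "rationale": why})
        return rows


def select_baseline(confidentiality: str, integrity: str, availability: str) -> TailoredBaseline:
    """Steps 1 and 2: categorise with the high-water mark, then pick the baseline."""
    level = high_water_mark(confidentiality, integrity, availability)
    return TailoredBaseline(level, frozenset(BASELINES[level]))


if __name__ == "__main__":
    # Constructed system: moderate integrity drives the whole system to MODERATE
    tb = select_baseline("low", "moderate", "low")
    tb.scope_out("CP-7", "constructed rationale: 72-hour outage tolerance, no alternate site required")
    tb.compensate("CM-7", "SI-4", "constructed rationale: host lockdown infeasible, monitoring alerts instead")
    tb.supplement("SR-3", "constructed rationale: third-party components warrant supply chain controls")
    for row in tb.ssp_entries():
        print(f"{row['control']:10} {row['source']:28} {row['rationale']}")
```

The point of keeping scoped-out controls in the SSP output is that an assessor working from SP 800-53A needs to see why a baseline control is absent, not just which controls are present.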