NIST SP 800-53

Full Title

Security and Privacy Controls for Information Systems and Organizations

Context

• This page is addressed to the contexts of the evolving standard.
  • NIST SP 800-53 Rev 4 was published on 2013-04
• The final public draft of Revision 4 was published on 2020-03 - the most notable change is to broaden the scope from federal systems to systems in general. Another change was to merge privacy and security so that each was addressed in each section.

Contents

After the Introduction and discussion of the fundamentals the following set of controls was delineated in section 3.

1. ACCESS CONTROL .................................................................................................................. 17
2. AWARENESS AND TRAINING
3. AUDIT AND ACCOUNTABILITY
4. ASSESSMENT, AUTHORIZATION, AND MONITORING
5. CONFIGURATION MANAGEMENT
6. CONTINGENCY PLANNING

# IDENTIFICATION AND AUTHENTICATION

1. INCIDENT RESPONSE
2. MAINTENANCE
3. MEDIA PROTECTION
4. PHYSICAL AND ENVIRONMENTAL PROTECTION
5. PLANNING
6. PROGRAM MANAGEMENT
7. PERSONNEL SECURITY
8. PERSONALLY IDENTIFIABLE INFORMATION PROCESSING AND TRANSPARENCY
9. RISK ASSESSMENT
10. SYSTEM AND SERVICES ACQUISITION
11. SYSTEM AND COMMUNICATIONS PROTECTION
12. SYSTEM AND INFORMATION INTEGRITY
13. SUPPLY CHAIN RISK MANAGEMENT

References

• Reference page page for all 800-53 with other NIST privacy documents