NIST SP 800-53 rev. 5 (Security and Privacy Controls for Information Systems and Organizations)
Region: US
Focus: Organisational Management
Detailed description
This publication provides a catalogue of security and privacy controls for information systems and organisations to protect organisational operations and assets, individuals, other organisations, and the Nation from a diverse set of threats and risks, including hostile attacks, human errors, natural disasters, structural failures, foreign intelligence entities, and privacy risks. The controls are flexible and customisable and are implemented as part of an organisation-wide process to manage risk. The controls address diverse requirements derived from mission and business needs, laws, executive orders, directives, regulations, policies, standards, and guidelines. Finally, the consolidated control catalogue addresses security and privacy from a functionality perspective (i.e., the strength of the functions and mechanisms provided by the controls) and from an assurance perspective (i.e., the measure of confidence in the security or privacy capability provided by the controls). Addressing both functionality and assurance helps to ensure that information technology products, and the systems that rely on those products, are sufficiently trustworthy.
Key Details
- Developed by the National Institute of Standards and Technology (NIST).
- Organised into 20 control families, including access control, risk assessment, and incident response.
- Supports integration with the Risk Management Framework (RMF).
- Aligns with federal mandates and international security standards.