NIST RMF 800-53 Rev 5 Data Table

NIST SP 800-53, the security and privacy control catalog used within the Risk Management Framework (RMF), is a comprehensive set of controls designed to protect federal information systems and organizations. It is used primarily by U.S. federal agencies, contractors, and organizations handling federal data to demonstrate compliance with FISMA (the Federal Information Security Modernization Act).

  • Access Control (AC): Manages user access to systems, enforcing policies for authentication and authorization.
  • Awareness and Training (AT): Ensures personnel are trained on security policies and procedures.
  • Audit and Accountability (AU): Tracks and logs system activities for monitoring and investigation.
  • Assessment, Authorization, and Monitoring (CA): Evaluates security controls, authorizes systems, and monitors compliance.
  • Configuration Management (CM): Maintains secure system configurations and manages changes.
  • Contingency Planning (CP): Plans for system recovery and continuity during disruptions.
  • Identification and Authentication (IA): Verifies user and device identities before granting access.
  • Incident Response (IR): Detects, responds to, and recovers from security incidents.
  • Maintenance (MA): Ensures systems are securely maintained and updated.
  • Media Protection (MP): Safeguards physical and digital media containing sensitive data.
  • Physical and Environmental Protection (PE): Secures physical facilities and environmental systems.
  • Planning (PL): Develops security plans to guide system protection.
  • Program Management (PM): Establishes enterprise-wide security management processes.
  • Personnel Security (PS): Screens and manages personnel to reduce insider threats.
  • Personally Identifiable Information Processing and Transparency (PT): Protects PII and ensures transparent handling.
  • Risk Assessment (RA): Identifies and evaluates risks to systems and data.
  • System and Services Acquisition (SA): Ensures acquired systems and services meet security requirements.
  • System and Communications Protection (SC): Secures system communications and boundaries.
  • System and Information Integrity (SI): Protects data integrity and detects unauthorized changes.
  • Supply Chain Risk Management (SR): Mitigates risks in the supply chain for systems and components.

Data Summary:

  • 20 security control families
  • 1,007 security controls
  • 3 security control tiers

RMF 800-53 data table:

  • Isolate and study each security control family.
  • Isolate and study each security control baseline.
  • Isolate and study by security control tier.