Glossary of Compliance

Our curated compliance glossary offers everything you need to know about compliance in one place.

NIST SP 800-53

NIST SP 800-53 is a special publication by the National Institute of Standards and Technology titled "Security and Privacy Controls for Information Systems and Organizations." It provides a comprehensive set of security and privacy controls, organized into control families, that support the development of safe and secure information systems.

Although it was developed primarily for federal agencies, it can be used by any organization that wants to strengthen its cybersecurity.

The controls in the catalog fall into three types:

  • Technical Controls: These include advanced solutions such as encryption and access controls.
  • Operational Controls: These focus on solving security issues relating to everyday operations, including physical security.
  • Management Controls: These highlight policies, procedures, and governance initiatives.

NIST 800-53 also provides control baselines, which are classified as low, moderate, and high. These baselines outline the potential impact a security breach could have on the information system, so that organizations can decide which controls are most applicable. The framework also gives supplemental guidance to help organizations implement the controls effectively.

NIST 800-53 integrates with other NIST frameworks and is updated to help organizations keep pace with the changing technological and threat landscape. Revision 5 strengthens the focus on privacy, expands the control families, and generally makes the publication applicable to more organizations and use cases.
