What is NIST 800-53 Rev 5 Update? NIST 800-53 Rev 5 framework & Control Families

NIST is the abbreviation of the National Institute of Standards and Technology, a non-regulatory agency of the United States Department of Commerce whose job is to improve measurements and standards.

NIST was founded in 1901, and its history lies in developing measurements, metrics, and standards. Previously known as the National Bureau of Standards, NIST's mission is to promote and properly maintain measurement standards.

Sounds so simple.

But what does NIST have to do with your business?

Let us try to understand this in subsequent sections.

What is the NIST Cybersecurity Framework?

What is a framework? A framework is a structure that supports building something useful.

So, riding high on the idea of cybersecurity to prevent, detect and respond to cyber incidents, NIST built a policy framework (set of best practice guidelines) for better management of cybersecurity-related risks.

“It is the policy of the United States to enhance the security and resilience of the Nation’s critical infrastructure and to maintain a cyber environment that encourages efficiency, innovation, and economic prosperity while promoting safety, security, business confidentiality, privacy, and civil liberties.”

President Barack Obama, Executive Order 13636, Feb. 12, 2013.

In short, the NIST CSF paves the way for organizational and national security posture to tackle risk management by being proactive rather than adopting a reactive mindset.

Elements of the NIST Cybersecurity Framework

There are 5 functions under the NIST Cybersecurity Framework.

  1. Identify
  2. Protect
  3. Detect
  4. Respond
  5. Recover

What is NIST SP 800-53?

NIST SP 800-53 stands for NIST Special Publication 800-53, and it is part of NIST's Cybersecurity Framework.

With the massive rise in the threat landscape and in cyber attacks on government systems, the security of important and sensitive information is crucial. This is achieved by securing your overall infrastructure.

Complying with the NIST SP 800 series standards helps organizations improve and maintain their information security. For risk management as well, NIST SP 800-53 fulfills the objective of protecting organizations.

Purpose of NIST SP 800-53

The NIST SP 800-53 (short for National Institute of Standards and Technology Special Publication 800-53) database defines guidelines for security controls and associated assessment procedures, for US government agencies, to architect, implement and manage information security systems and the corresponding data.

Complying with NIST SP 800-53 will help your organization improve compliance with other programs and regulations, including:

  1. PCI DSS
  2. GDPR
  3. FISMA
  4. HIPAA
  5. DFARS
  6. FedRAMP
  7. CJIS
  8. FedRAMP+
  9. FedRAMP DoD

Recommended by the Information Technology Laboratory (ITL),

NIST SP 800-53 security control family

There are 18 different control families under NIST SP 800-53:

  1. Access Control
  2. Audit and Accountability
  3. Awareness and Training
  4. Configuration Management
  5. Contingency Planning
  6. Identification and Authentication
  7. Incident Response
  8. Maintenance
  9. Media Protection
  10. Personnel Security
  11. Physical and Environmental Protection
  12. Planning
  13. Program Management
  14. Risk Assessment
  15. Security Assessment and Authorization
  16. System and Communications Protection
  17. System and Information Integrity
  18. System and Services Acquisition

NIST 800-53 has 931 compliance requirements
