Control Classes

Management Controls

Operational Controls

Technical Controls

Minimum Security Controls

Low-Impact Baseline

Moderate-Impact Baseline

High-Impact Baseline

Other Links

Classes/Families

Search & Export

NIST Special Publication 800-53 (Rev. 3) and 800-53A (Rev. 1)

Security Controls and Assessment Procedures for Federal Information Systems and Organizations

PLEASE NOTE: This NIST SP 800-53/53A database represents the security controls and associated assessment procedures defined in NIST SP 800-53 Revision 3 (including errata updates as of 2010-05-01) Recommended Security Controls for Federal Information Systems and Organizations, and NIST SP 800-53A Revision 1 Guide for Assessing Security Controls in Federal Information Systems and Organizations: Building Effective Security Assessment Plans, respectively. Any discrepancies noted in the content between this NIST SP 800-53/53A database and the latest published NIST Special Publication SP 800-53 Revision 3 and SP 800-53A Revision 1, please defer to the official published documents that is posted on http://csrc.nist.gov.

Control Classes

Management Controls
CA - Security Assessment and Authorization
PL - Planning
PM - Program Management
RA - Risk Assessment
SA - System and Services Acquisition

Operational Controls
AT - Awareness and Training
CM - Configuration Management
CP - Contingency Planning
IR - Incident Response
MA - Maintenance
MP - Media Protection
PE - Physical and Environmental Protection
PS - Personnel Security
SI - System and Information Integrity

Technical Controls
AC - Access Control
AU - Audit and Accountability
IA - Identification and Authentication
SC - System and Communications Protection

Minimum Security Controls

Minimum Security Controls
Low-Impact Baseline
Moderate-Impact Baseline
High-Impact Baseline

Disclaimer Notice & Privacy Statement / Security Notice

Send comments or suggestions to nvd@nist.gov

NIST is an Agency of the U.S. Department of Commerce

Full vulnerability listing

validate