What is NIST 800-53?
The comprehensive catalog of security and privacy controls from NIST that underpins FedRAMP, FISMA and many enterprise programs.
Definition
NIST SP 800-53 is a catalog of security and privacy controls published by the US National Institute of Standards and Technology. It provides a comprehensive, flexible set of controls that organisations select from — using baselines — to protect their information systems and the data within them.
It underpins FISMA compliance for US federal agencies and FedRAMP for cloud providers, and is widely adopted by enterprises as a rigorous control framework. The current release is Revision 5, which integrates privacy and supply-chain controls.
How NIST 800-53 is organised
Control families
20 families spanning access control to supply chain.
Control baselines
Low, Moderate and High starting points.
Tailoring
Adjust the baseline to your risk and mission.
Privacy controls
Integrated privacy protections (Rev 5).
Overlays
Sector- or purpose-specific control sets.
Who needs to comply?
US federal agencies and their contractors (via FISMA), cloud providers pursuing FedRAMP, and enterprises seeking a rigorous, well-recognised control catalog.
How ISpectra helps
ISpectra helps you adopt NIST 800-53 — selecting and tailoring the right baseline, implementing and documenting controls, and mapping them to FedRAMP, FISMA or your enterprise obligations.
Talk to an advisor