Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

NIST Updates Security and Privacy Control Assessment Procedures
January 25, 2022

NIST has released Special Publication (SP) 800-53A Revision 5, Assessing Security and Privacy Controls in Information Systems and Organizations. Updated to correspond with the security and privacy controls in SP 800-53 Revision 5, this publication provides a methodology and set of assessment procedures to verify that the controls are implemented, meet stated control objectives, and achieve the desired security and privacy outcomes.

The SP 800-53A assessment procedures are flexible, provide a framework and starting point for control assessments, and can be tailored to the needs of organizations and assessors. SP 800-53A facilitates security and privacy control assessments conducted within an effective risk management framework. The revision includes new assessment procedures that address newly added and updated privacy and supply chain risk management controls in SP 800-53 Revision 5. SP 800-53A also introduces a new structure for assessment procedures to better support the use of automated tools, improve the efficiency of control assessments for assessors and organizations, and support continuous monitoring and ongoing authorization programs. 

To facilitate use, the assessment procedures are published in multiple data formats, including comma-separated values (CSV), plain text, and Open Security Controls Assessment Language (OSCAL). These are accessible on the publication details page and in the OSCAL Content Git Repository.

Direct questions and comments to sec-cert@nist.gov.

NIST Special Publication 800-53A Revision 5 graphic

Parent Project

See: NIST Risk Management Framework

Related Topics

Security and Privacy: controls assessment

Laws and Regulations: Federal Information Security Modernization Act

Created January 24, 2022, Updated January 25, 2022