This is a potential security issue, you are being redirected to https://csrc.nist.gov.
November 7, 2023: NIST issues SP 800-53 Release 5.1.1 in the Cybersecurity and Privacy Reference Tool (CPRT). The corresponding assessment procedures in SP 800-53A have also been updated , and the SP 800-53A assessment procedures and SP 800-53B control baselines are also now available in the CPRT. For more information, see: CSRC News Article and the SP 800-53 Release 5.1.1 FAQ (updated). A detailed listing of the changes is also available for SP 800-53 and SP 800-53A.
Thank you to those who submitted comments using the NIST SP 800-53 Public Comment Website.
November 1, 2023: The expedited 2-week public comment period is closed. NIST is adjudicating comments and plans to issue SP 800-53 Release 5.1.1 in November 2023.
October 17, 2023: NIST opens a 2-week expedited public comment period on draft controls for October 17–31, 2023, and plans to issue SP 800-53 Patch Release 5.1.1 in November 2023. Please review and submit comments on the proposed new control, control enhancements and corresponding assessment procedures using the NIST SP 800-53 Public Comment Website. For more information, see: CSRC News Article and the SP 800-53 Release 5.1.1 FAQ.
Please direct questions and comments to: firstname.lastname@example.org.
The NIST Risk Management Framework (RMF) provides a comprehensive, flexible, repeatable, and measurable 7-step process that any organization can use to manage information security and privacy risk for organizations and systems and links to a suite of NIST standards and guidelines to support implementation of risk management programs to meet the requirements of the Federal Information Security Modernization Act (FISMA).
|Prepare||Essential activities to prepare the organization to manage security and privacy risks|
|Categorize||Categorize the system and information processed, stored, and transmitted based on an impact analysis|
|Select||Select the set of NIST SP 800-53 controls to protect the system based on risk assessment(s)|
|Implement||Implement the controls and document how controls are deployed|
|Assess||Assess to determine if the controls are in place, operating as intended, and producing the desired results|
|Authorize||Senior official makes a risk-based decision to authorize the system (to operate)|
|Monitor||Continuously monitor control implementation and risks to the system|