August 27, 2025: NIST SP 800-53 Release 5.2.0 is finalized and available on the Cybersecurity and Privacy Reference Tool. This update includes changes to SP 800-53 and SP 800-53A, there are no changes to the baselines in SP 800-53B. A summary of the changes is available, and replaces the "preview version" issued on August 22 (no longer available).
August 22, 2025: A preview of the updates to NIST SP 800-53 (Release 5.2.0) is available on the Public Comment Site. This preview will be available until NIST issues Release 5.2.0 through the Cybersecurity and Privacy Reference Tool. SP 800-53 Release 5.2.0 will include:
- New Control/Control Enhancements and Assessment Procedures: SA-15(13), SA-24, SI-02(07)
- Revisions to Existing Controls: SI-07(12)
- Updates to Control Discussion: SA-04, SA-05, SA-08, SA-08(14), SI-02, SI-02(05)
- Updates to Related Controls: All -01 Controls, AU-02, AU-03, CA-07, IR-04, IR-06, IR-08, SA-15, SI-02, SI-07
August 6, 2025: The expedited public comment period on the NIST SP 800-53 controls is closed. Thank you for your feedback! The draft controls are no longer publicly viewable. We expect to issue SP 800-53 Release 5.2.0 through the Cybersecurity and Privacy Reference Tool in the coming weeks.
July 22, 2025: NIST issues draft updates to Special Publication (SP) 800-53 to provide additional guidance on how to securely and reliably deploy patches and updates in response to the Executive Order 14306, Sustaining Select Efforts to Strengthen the Nation’s Cybersecurity and Amending Executive Order 13694 and Executive Order 14144. A two-week expedited public comment period on the draft updates is open through August 5, 2025. View the draft updates and submit comments on the proposed changes at the "Candidates" button.
Please direct questions and comments to: [email protected].
