This is a potential security issue, you are being redirected to https://csrc.nist.gov.
Date Published: September 2020 (includes updates as of Dec. 10, 2020)
SP 800-53 Rev. 5 (09/23/2020)
Planning Note (7/13/2022):
Summary of supplemental files: Also available:
The entire security and privacy control catalog in spreadsheet format. Note: For a spreadsheet of control baselines, see the SP 800-53B details.
Describes the changes to each control and control enhancement, provides a brief summary of the changes, and includes an assessment of the significance of the changes. Note that this comparison was authored by The MITRE Corporation for the Director of National Intelligence (DNI) and is being shared with permission by DNI.
Supports organizations using the privacy controls in Appendix J of SP 800-53 Rev. 4 that are transitioning to the integrated control catalog in Rev. 5.
The mappings provide organizations a general indication of SP 800-53 control coverage with respect to other frameworks and standards. When leveraging the mappings, it is important to consider the intended scope of each publication and how each publication is used; organizations should not assume equivalency based solely on the mapping tables because mappings are not always one-to-one and there is a degree of subjectivity in the mapping analysis.
The collaboration index template supports information security and privacy program collaboration to help ensure that the objectives of both disciplines are met and that risks are appropriately managed. It is an optional tool for information security and privacy programs to identify the degree of collaboration needed between security and privacy programs with respect to the selection and/or implementation of controls in Rev. 5.
Rev. 5 controls are provided using the Open Security Controls Assessment Language (OSCAL); currently available in JSON, XML, and YAML.
Summary of supplemental files:
Access Control; Audit and Accountability; Awareness and Training; Configuration Management; Contingency Planning; Assessment, Authorization and Monitoring; Identification and Authentication; Incident Response; Maintenance; Media Protection; Personnel Security; Physical and Environmental Protection; Planning; Risk Assessment; System and Services Acquisition; System and Information Integrity; System and Communications Protection; Program Management; PII Processing and Transparency; Supply Chain Risk Management
Control Catalog (spreadsheet) (xls)
Analysis of updates between 800-53 Rev. 5 and Rev. 4, by MITRE Corp. for ODNI (xls)
Mapping: Appendix J Privacy Controls (Rev. 4) to Rev. 5 (xls)
Mappings: Cybersecurity Framework and Privacy Framework to Rev. 5 (xls)
Mapping: Rev. 5 to ISO/IEC 27001 (word)
OSCAL Version of Rev. 5 controls (web)
Control Collaboration Index Template (xls)
Control Collaboration Index Template (word)
Blog post (web)
Other Parts of this Publication:
Laws and Regulations
E-Government Act; Federal Information Security Modernization Act; Homeland Security Presidential Directive 12; Homeland Security Presidential Directive 7; OMB Circular A-11; OMB Circular A-130