SP 800-53 Rev. 5

Security and Privacy Controls for Information Systems and Organizations

Date Published: September 2020

Supersedes: SP 800-53 Rev. 4 (01/22/2015)

Planning Note (10/5/2020):


Joint Task Force



assurance; availability; computer security; confidentiality; control; cybersecurity; FISMA; information security; information system; integrity; personally identifiable information; Privacy Act; privacy controls; privacy functions; privacy requirements; Risk Management Framework; security controls; security functions; security requirements; system; system security
Control Families

Access Control; Audit and Accountability; Awareness and Training; Configuration Management; Contingency Planning; Assessment, Authorization and Monitoring; Identification and Authentication; Incident Response; Maintenance; Media Protection; Personnel Security; Physical and Environmental Protection; Planning; Risk Assessment; System and Services Acquisition; System and Information Integrity; System and Communications Protection; Program Management; PII Processing and Transparency; Supply Chain Risk Management