Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

NIST SP 800-53A Rev. 5

Assessing Security and Privacy Controls in Information Systems and Organizations

Date Published: January 2022

Supersedes: SP 800-53A Rev. 4 (12/18/2014)

Planning Note (11/07/2023):

On November 7, 2023, NIST issued a patch release of SP 800-53A (Release 5.1.1) that includes:

  • minor grammatical edits and clarification;
  • one new control and three supporting control enhancement assessment procedures to correspond with the new SP 800-53 control, IA-13.

A list of all the changes in the patch release is available under Supplemental Material.


As stakeholders use NIST SP 800-53A and its derivative data formats, updates are identified to improve the quality of the publication.  Updates can include corrections, clarifications, or other minor changes in the publication that are either editorial or substantive in nature. Any potential updates for SP 800-53A and its derivative data formats that are not yet published in an errata update or revision—including additional issues and potential corrections—will be posted as they are identified.  Please report any potential updates to


Joint Task Force



assessment; assessment plan; assurance; control assessment; FISMA; Privacy Act; privacy controls; Open Security Controls Assessment Language; OSCAL; privacy requirements; Risk Management Framework; security controls; security requirements
Control Families

None selected