Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

NIST SP 800-53 Rev. 5

Security and Privacy Controls for Information Systems and Organizations

Date Published: September 2020

Supersedes: SP 800-53 Rev. 4 (01/22/2015)

Planning Note (12/10/2020): See the errata update for SP 800-53 Rev. 5 that was released on December 10, 2020.


Joint Task Force



assurance; availability; computer security; confidentiality; control; cybersecurity; FISMA; information security; information system; integrity; personally identifiable information; Privacy Act; privacy controls; privacy functions; privacy requirements; Risk Management Framework; security controls; security functions; security requirements; system; system security
Control Families

Access Control; Awareness and Training; Audit and Accountability; Assessment, Authorization and Monitoring; Configuration Management; Contingency Planning; Identification and Authentication; Incident Response; Maintenance; Media Protection; Physical and Environmental Protection; Planning; Program Management; Personnel Security; PII Processing and Transparency; Risk Assessment; System and Services Acquisition; System and Communications Protection; System and Information Integrity; Supply Chain Risk Management


No Download Available

Supplemental Material:
None available

Publication Parts:
SP 800-53B

Document History:
02/23/16: SP 800-53 Rev. 5 (Draft)
08/15/17: SP 800-53 Rev. 5 (Draft)
03/16/20: SP 800-53 Rev. 5 (Draft)
09/23/20: SP 800-53 Rev. 5 (Final)