NIST 800-53 r5

Learn about NIST 800-53 r5 and explore its 1,000+ security controls.

  • Purpose

    NIST 800-53 is a security control catalog for the federal Risk Management Framework.

  • Control Baselines

    NIST 800-53B defines 3 security control baselines: low, moderate, and high. The impact baseline determines the number of security controls a system has to account for.

  • NIST 800-37

    NIST 800-37 defines the federal Risk Management Framework (RMF). RMF uses the security controls of NIST 800-53.


    Both FISMA and FedRAMP use the security controls of NIST 800-53.

  • 20 Control Families

    NIST 800-53 groups its security requirements into 20 families including access control, configuration management, and supply chain risk management.

  • Organization-Defined Parameters

    Organization-Defined Parameters are variables within a security control's text that can be populated by many sources including laws, agency policy, mission needs, etc.

NIST 800-171 / CMMC Training
Available Now!

NIST 800-171

Learn about NIST 800-171 and explore its security requirements.

CMMC 2.0

Learn about the CMMC 2.0 and explore its practices.

What is the purpose of NIST 800-53?

NIST 800-53 provides a catalog of security controls for federal systems.

Why do I need to implement NIST 800-53?

Federal systems are required to implement RMF and the related security controls of NIST 800-53.

Cloud service providers who wish to complete the FedRAMP authorization process will be required to implement the security controls of NIST 800-53.

How can I find training on NIST 800-53?

Our NCSPĀ® NIST 800-53 Practitioner course covers NIST 800-53: NCSPĀ® NIST 800-53 Practitioner Certificate

How many controls does NIST 800-53 have?

NIST 800-53 R5 has more than 1,000 security controls.

Where can I find a list of the NIST 800-53 controls?

We have published the NIST 800-53 security controls here: NIST 800-53 r5 Controls

CMMC Training

Our CMMC Overview Course simplifies CMMC. Enroll so you can make informed decisions!