NIST SP 800-53

NIST Special Publication 800-53 is the authoritative catalog of security and privacy controls developed by the U.S. National Institute of Standards and Technology. Currently in Revision 5, it defines hundreds of controls organized into 20 control families (e.g., Access Control, Audit and Accountability, System and Communications Protection) along with control enhancements and supplemental guidance. SP 800-53 is mandatory for U.S. federal information systems under FISMA and FedRAMP, and is widely adopted by contractors, state governments, and critical-infrastructure operators worldwide. Organizations typically select a baseline (low, moderate, high) using NIST SP 800-53B and tailor it to their risk profile.