ComplianceForge News & Announcements

Welcome to ComplianceForge! We want to provide useful information to help you handle your cybersecurity and data protection compliance efforts.
How many controls are in NIST 800-53 R5?

How many controls are in NIST 800-53 R5?

ComplianceForge Support

ComplianceForge Support July 18th, 2025 1 minute read

Cybersecurity Compliance FAQ

Where can I download NIST 800-171 rev 3 ODPs in Excel format?

NIST 800-171 OPDs In Excel?

ComplianceForge Support

ComplianceForge Support July 18th, 2025 2 minute read

CMMC | DFARS | NIST 800-171 R2 | NIST 800-171 R3 | Templates

DSP Update For SCF 2025.2

DSP Update For SCF 2025.2

ComplianceForge Support

ComplianceForge Support July 10th, 2025 1 minute read

Is A GRC Tool A Security Protection Asset (SPA)?

Is A GRC Tool A Security Protection Asset (SPA)?

ComplianceForge Support

ComplianceForge Support July 9th, 2025 6 minute read

How to get CMMC certified?

How to get CMMC certified?

ComplianceForge Support

ComplianceForge Support June 30th, 2025 2 minute read

CMMC

How To Create A Cybersecurity Program?

How to create a cybersecurity program?

ComplianceForge Support

ComplianceForge Support June 25th, 2025 2 minute read

Cybersecurity Compliance FAQ

Can I Pass A Cybersecurity Audit With AI-Generated Documentation?

Can I pass an audit with AI generated documentation?

ComplianceForge Support

ComplianceForge Support June 18th, 2025 2 minute read

NIST 800-171 vs NIST 800-161

NIST 800-171 Rev 3 vs NIST 800-161 Rev 1

ComplianceForge Support

ComplianceForge Support June 11th, 2025 4 minute read

C-SCRM & NIST 800-161 R1

C-SCRM & NIST 800-161 R1

ComplianceForge Support

ComplianceForge Support June 6th, 2025 4 minute read

Secure Software Development Attestation Forms

Secure Software Development Attestation Forms

ComplianceForge Support

ComplianceForge Support May 19th, 2025 3 minute read

Secure Software Development Practices (SSDP)

Next ⇢

NIST SP 800‑53 R5 Control Families

This release includes a total of 1,189 controls, organized into 20 families:

  1. Access Control
  2. Awareness & Training
  3. Audit & Accountability
  4. Assessment, Authorization & Monitoring
  5. Configuration Management
  6. Contingency Planning
  7. Identification & Authentication
  8. Incident Response
  9. Maintenance
  10. Media Protection
  11. Physical & Environmental Protection
  12. Planning
  13. Program Management
  14. Personnel Security
  15. Personally Identifiable Information (PII) Processing & Transparency
  16. Risk Assessment
  17. System & Services Acquisition
  18. System & Communications Protection
  19. System & Information Integrity
  20. Supply Chain Risk Management

This count includes deprecated controls that have been removed or folded into others. Some controls are not categorized under baselines—low, moderate, high, or privacy—per NIST SP 800‑53B.

ComplianceForge provides full 1:1 mapping of all 20 families and their controls in its CDPP documentation.

!