Cybersecurity Compliance FAQ

How many controls are in NIST 800-53 R5?

ComplianceForge Support July 18th, 2025 1 minute read

How to create a cybersecurity program?

ComplianceForge Support June 25th, 2025 2 minute read

Cybersecurity Compliance FAQ

What Is The Difference Between A Policy and Standard?

What Is The Difference Between Policies & Standards?

ComplianceForge Support April 9th, 2025 3 minute read

Cybersecurity Compliance FAQ

« Back to Blog

NIST SP 800‑53 R5 Control Families

This release includes a total of 1,189 controls, organized into 20 families:

Access Control
Awareness & Training
Audit & Accountability
Assessment, Authorization & Monitoring
Configuration Management
Contingency Planning
Identification & Authentication
Incident Response
Maintenance
Media Protection
Physical & Environmental Protection
Planning
Program Management
Personnel Security
Personally Identifiable Information (PII) Processing & Transparency
Risk Assessment
System & Services Acquisition
System & Communications Protection
System & Information Integrity
Supply Chain Risk Management

This count includes deprecated controls that have been removed or folded into others. Some controls are not categorized under baselines—low, moderate, high, or privacy—per NIST SP 800‑53B.

ComplianceForge provides full 1:1 mapping of all 20 families and their controls in its CDPP documentation.

Cybersecurity Compliance FAQ

How many controls are in NIST 800-53 R5?

How to create a cybersecurity program?

What Is The Difference Between Policies & Standards?

NIST SP 800‑53 R5 Control Families

Is A GRC Tool A Security Protection Asset (SPA)?

Cybersecurity Materiality & Key Controls

NIST 800-171 R2 to R3 Transition Guide

Apply PPTDF For Cybersecurity Compliance

NIST SP 800‑53 R5 Control Families