ComplianceForge News & Announcements

How many controls are in NIST 800-53 R5?

How many controls are in NIST 800-53 R5?

ComplianceForge Support ComplianceForge Support Cybersecurity Compliance FAQ | NIST 800-53
June 23rd, 2025 1 minute read

Listen to article
Audio generated by DropInBlog's Blog Voice AI™ may have slight pronunciation nuances. Learn more

NIST SP 800 53 Revision 5 includes a staggering 1,189 controls, divided into the 20 control families:

NIST 800-53 Control Families

  1. Access Control;
  2. Awareness & Training;
  3. Audit & Accountability;
  4. Assessment, Authorization & Monitoring;
  5. Configuration Management;
  6. Contingency Planning;
  7. Identification & Authentication;
  8. Incident Response;
  9. Maintenance;
  10. Media Protection;
  11. Physical & Environmental Protection;
  12. Planning;
  13. Program Management;
  14. Personnel Security;
  15. Personally Identifiable Information (PII) Processing & Transparency;
  16. Risk Assessment;
  17. System & Services Acquisition;
  18. System & Communications Protection;
  19. System & Information Integrity; and
  20. Supply Chain Risk Management.

This NIST SP 800-53 R5 control count includes deprecated controls that have been removed or rolled into other controls.

NIST SP 800-53B breaks most of those controls into low, moderate, high and privacy baselines. However, there are many NIST SP 800-53 R5 controls that are not otherwise categorized and are therefore not part of a baseline.

ComplianceForge NIST 800-53 Policy Templates

ComplianceForge has 1-1 matching for NIST SP 800-53 R5 families and controls in its NIST SP 800-53 R5 Cybersecurity & Data Protection Program (CDPP) documentation.  

« Back to Blog

Related Articles

NIST 800-171 vs NIST 800-161

NIST 800-171 Rev 3 vs NIST 800-161 Rev 1

4 minute read

June 11th, 2025

Secure Software Development Attestation Forms

Secure Software Development Attestation Forms

3 minute read

May 19th, 2025

NIST 800-171 ODP

NIST 800-171 R3 ODPs

1 minute read

April 24th, 2025

!