ComplianceForge News & Announcements

Welcome to ComplianceForge! We want to provide useful information to help you handle your cybersecurity and data protection compliance efforts.
NIST 800-171 ODP

NIST 800-171 R3 ODPs

ComplianceForge Support

ComplianceForge Support April 24th, 2025 1 minute read

CMMC

What Is The Difference Between A Policy and Standard?

What Is The Difference Between Policies & Standards?

ComplianceForge Support

ComplianceForge Support April 9th, 2025 3 minute read

Cybersecurity Compliance FAQ

scf licensed content provider

SCF Licensed Content Provider (LCP)

ComplianceForge Support

ComplianceForge Support March 21st, 2025 1 minute read

Secure Controls Framework (SCF)

GSA OASIS J-3 Contract Deliverables

GSA OASIS+ J-3 C-SCRM Deliverables

ComplianceForge Support

ComplianceForge Support February 20th, 2025 4 minute read

Your CMMC Requirements Guide

Your CMMC Requirements Guide

ComplianceForge Support

ComplianceForge Support January 3rd, 2025 1 minute read

CMMC

SCF Cybersecurity Documentation Experts

SCF Cybersecurity Documentation Experts

SCF Council December 26th, 2024 1 minute read

SCF Certification | SCF Licensed Content Provider | Secure Controls Framework (SCF)

Affordable Cybersecurity Policy Templates

Affordable Cybersecurity Policy Templates

ComplianceForge Support

ComplianceForge Support December 20th, 2024 2 minute read

Templates

Cybersecurity Policies vs Standards

Cybersecurity Policies vs Standards

ComplianceForge Support

ComplianceForge Support December 13th, 2024 3 minute read

NIST 800-161 R1

What Is NIST CSF?

What Is NIST CSF?

ComplianceForge Support

ComplianceForge Support December 2nd, 2024 2 minute read

NIST Cybersecurity Framework (NIST CSF)

⇠ Previous Next ⇢

NIST SP 800‑53 R5 Control Families

This release includes a total of 1,189 controls, organized into 20 families:

  1. Access Control
  2. Awareness & Training
  3. Audit & Accountability
  4. Assessment, Authorization & Monitoring
  5. Configuration Management
  6. Contingency Planning
  7. Identification & Authentication
  8. Incident Response
  9. Maintenance
  10. Media Protection
  11. Physical & Environmental Protection
  12. Planning
  13. Program Management
  14. Personnel Security
  15. Personally Identifiable Information (PII) Processing & Transparency
  16. Risk Assessment
  17. System & Services Acquisition
  18. System & Communications Protection
  19. System & Information Integrity
  20. Supply Chain Risk Management

This count includes deprecated controls that have been removed or folded into others. Some controls are not categorized under baselines—low, moderate, high, or privacy—per NIST SP 800‑53B.

ComplianceForge provides full 1:1 mapping of all 20 families and their controls in its CDPP documentation.

!