ComplianceForge News & Announcements

Welcome to ComplianceForge! We want to provide useful information to help you handle your cybersecurity and data protection compliance efforts.
What Is NIST CSF?

What Is NIST CSF?

ComplianceForge Support

ComplianceForge Support December 2nd, 2024 2 minute read

NIST Cybersecurity Framework (NIST CSF)

Supply Chain Risk Management (SCRM) Plan

Supply Chain Risk Management (SCRM) Plan

ComplianceForge Support

ComplianceForge Support November 25th, 2024 3 minute read

Supply Chain Risk Management (SCRM)

Efficient CMMC Scoping

Efficient CMMC Scoping

ComplianceForge Support

ComplianceForge Support November 22nd, 2024 1 minute read

CMMC

What Is NIST 800-171?

What Is NIST 800-171?

ComplianceForge Support

ComplianceForge Support November 18th, 2024 3 minute read

CMMC

Are you a cyber criminal?

ComplianceForge Support

ComplianceForge Support November 13th, 2024 9 minute read

Third-Party Cybersecurity Assessment Standards

Third-Party Cybersecurity Assessment Standards

ComplianceForge Support

ComplianceForge Support November 12th, 2024 1 minute read

Secure Controls Framework (SCF)

Supply Chain Risk Management

Supply Chain Risk Management

ComplianceForge Support

ComplianceForge Support November 12th, 2024 3 minute read

Cybersecurity Policies & Standards

Cybersecurity Policies & Standards

ComplianceForge Support

ComplianceForge Support November 9th, 2024 2 minute read

What Is ComplianceForge?

What Is ComplianceForge?

ComplianceForge Support

ComplianceForge Support November 4th, 2024 2 minute read

⇠ Previous Next ⇢

NIST SP 800‑53 R5 Control Families

This release includes a total of 1,189 controls, organized into 20 families:

  1. Access Control
  2. Awareness & Training
  3. Audit & Accountability
  4. Assessment, Authorization & Monitoring
  5. Configuration Management
  6. Contingency Planning
  7. Identification & Authentication
  8. Incident Response
  9. Maintenance
  10. Media Protection
  11. Physical & Environmental Protection
  12. Planning
  13. Program Management
  14. Personnel Security
  15. Personally Identifiable Information (PII) Processing & Transparency
  16. Risk Assessment
  17. System & Services Acquisition
  18. System & Communications Protection
  19. System & Information Integrity
  20. Supply Chain Risk Management

This count includes deprecated controls that have been removed or folded into others. Some controls are not categorized under baselines—low, moderate, high, or privacy—per NIST SP 800‑53B.

ComplianceForge provides full 1:1 mapping of all 20 families and their controls in its CDPP documentation.

!