ComplianceForge News & Announcements

Welcome to ComplianceForge! We want to provide useful information to help you handle your cybersecurity and data protection compliance efforts.
Statutory vs Regulatory vs Contractual

Statutory vs Regulatory vs Contractual

ComplianceForge Support

ComplianceForge Support June 14th, 2023 5 minute read

Threat vs Vulnerability vs Risk

Threat vs Vulnerability vs Risk

ComplianceForge Support

ComplianceForge Support June 14th, 2023 2 minute read

NIST SP 800-171 R3 Requirements

NIST SP 800-171 R3 Requirements

ComplianceForge Support

ComplianceForge Support May 15th, 2023 1 minute read

CMMC | DFARS | NIST 800-171 R3

DSP version 2022.3 release

DSP version 2022.3 release

ComplianceForge Support

ComplianceForge Support December 14th, 2022 1 minute read

Secure Controls Framework (SCF)

C-SCRM Strategy & Implementation Plan

C-SCRM Strategy & Implementation Plan

ComplianceForge Support

ComplianceForge Support August 8th, 2022 2 minute read

DIBCAC Battled Tested CMMC Policies

ComplianceForge Support

ComplianceForge Support August 8th, 2022 1 minute read

CMMC

PCI DSS v4.0 Cybersecurity Policies & Standards

ComplianceForge Support

ComplianceForge Support June 1st, 2022 1 minute read

MSP Dumpster Fire - CMMC Compliance

Guest Authors - Tom Cornelius & Levi Kapilevich January 27th, 2022 21 minute read

CMMC

Essential Guide to CMMC & NIST SP 800-171 Compliance

ComplianceForge Support

ComplianceForge Support January 26th, 2022 14 minute read

CMMC

⇠ Previous Next ⇢

NIST SP 800‑53 R5 Control Families

This release includes a total of 1,189 controls, organized into 20 families:

  1. Access Control
  2. Awareness & Training
  3. Audit & Accountability
  4. Assessment, Authorization & Monitoring
  5. Configuration Management
  6. Contingency Planning
  7. Identification & Authentication
  8. Incident Response
  9. Maintenance
  10. Media Protection
  11. Physical & Environmental Protection
  12. Planning
  13. Program Management
  14. Personnel Security
  15. Personally Identifiable Information (PII) Processing & Transparency
  16. Risk Assessment
  17. System & Services Acquisition
  18. System & Communications Protection
  19. System & Information Integrity
  20. Supply Chain Risk Management

This count includes deprecated controls that have been removed or folded into others. Some controls are not categorized under baselines—low, moderate, high, or privacy—per NIST SP 800‑53B.

ComplianceForge provides full 1:1 mapping of all 20 families and their controls in its CDPP documentation.

!