Quality, Expert-Derived Cybersecurity Documentation To Keep Organizations Secure, Compliant & Resilient - No AI Slop!
Secure Controls Framework
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.
Cart
Start Here
Products
Bundles
Updates
Reasons To Buy
Certification Options
Home
FAQ
How many controls are in NIST 800-53?

How many controls are in NIST 800-53?

Direct Answer

NIST SP 800 53 Revision 5 includes a staggering 1,189 controls, divided into the following 20 control families:

  • Access Control;
  • Awareness & Training;
  • Audit & Accountability;
  • Assessment, Authorization & Monitoring;
  • Configuration Management;
  • Contingency Planning;
  • Identification & Authentication;
  • Incident Response;
  • Maintenance;
  • Media Protection;
  • Physical & Environmental Protection;
  • Planning;
  • Program Management;
  • Personnel Security;
  • Personally Identifiable Information (PII) Processing & Transparency;
  • Risk Assessment;
  • System & Services Acquisition;
  • System & Communications Protection;
  • System & Information Integrity; and
  • Supply Chain Risk Management.

This NIST SP 800-53 R5 control count includes deprecated controls that have been removed or rolled into other controls.

NIST SP 800-53B breaks most of those controls into low, moderate, high and privacy baselines. However, there are many NIST SP 800-53 R5 controls that are not otherwise categorized and are therefore not part of a baseline.

ComplianceForge has 1-1 matching for NIST SP 800-53 R5 families and controls in its NIST SP 800-53 R5 Cybersecurity & Data Protection Program (CDPP) documentation.

Keep Exploring

Relevant ComplianceForge Resources

References

Authoritative Sources