Security and Privacy Controls for Information Systems and Organizations

Published

Author(s)

Ronald S. Ross

Abstract

This publication provides a catalog of security and privacy controls for information systems and organizations to protect organizational operations and assets, individuals, other organizations, and the Nation from a diverse set of threats and risks, including hostile attacks, human errors, natural disasters, structural failures, foreign intelligence entities, and privacy risks. The controls are flexible and customizable and implemented as part of an organization-wide process to manage risk. The controls address diverse requirements derived from mission and business needs, laws, executive orders, directives, regulations, policies, standards, and guidelines. Finally, the consolidated control catalog addresses security and privacy from a functionality perspective (i.e., the strength of functions and mechanisms provided by the controls) and an assurance perspective (i.e., the measure of confidence in the security or privacy capability provided by the controls). Addressing both functionality and assurance helps to ensure that information technology products and the systems that rely on those products are sufficiently trustworthy.
Citation
Special Publication (NIST SP) - 800-53rev5
Report Number
800-53rev5

Keywords

Assurance, availability, computer security, confidentiality, control, cybersecurity, FISMA, information security, information system, integrity, personally identifiable information, Privacy Act, privacy controls, privacy functions, privacy requirements, Risk Management Framework, security controls, security functions, security requirements, system, system security.

Citation

Ross, R. (2020), Security and Privacy Controls for Information Systems and Organizations, Special Publication (NIST SP), National Institute of Standards and Technology, Gaithersburg, MD, [online], https://doi.org/10.6028/NIST.SP.800-53r5 (Accessed November 24, 2024)

Issues

If you have any questions about this publication or are having problems accessing it, please contact reflib@nist.gov.

Created September 22, 2020, Updated September 28, 2020