U.S. flag   An unofficial archive of your favorite United States government website
Dot gov

Official websites do not use .rip
We are an unofficial archive, replace .rip by .gov in the URL to access the official website. Access our document index here.

Https

We are building a provable archive!
A lock (Dot gov) or https:// don't prove our archive is authentic, only that you securely accessed it. Note that we are working to fix that :)

This is an archive
(replace .gov by .rip)

Control Baselines for Information Systems and Organizations: NIST Publishes SP 800-53B
October 29, 2020

NIST Special Publication (SP) 800-53B, Control Baselines for Information Systems and Organizations, provides security and privacy control baselines for the Federal Government. SP 800-53B is a companion publication to SP 800-53, Revision 5, Security and Privacy Controls for Information Systems and Organizations.  

Control baselines provide a starting point for organizations in the security and privacy control selection process. SP 800-53B includes three security control baselines (one for each system impact level: low-impact, moderate-impact, and high-impact), as well as a privacy control baseline that is applied to systems irrespective of impact level. The privacy control baseline supports federal agencies in addressing privacy requirements and managing privacy risks that arise from processing PII based on privacy program responsibilities under OMB Circular A-130.

In addition to the control baselines, SP 800-53B provides tailoring guidance and a set of working assumptions that help guide and inform the control selection process. By using the tailoring guidance and assumptions provided, organizations can customize their security and privacy control baselines to protect their critical and essential operations and assets, and protect individuals' privacy. Finally, this publication provides guidance on the development of overlays to facilitate control baseline customization for specific communities of interest, technologies, and environments of operation. NIST has also developed the Security Control Overlay Repository (SCOR), providing stakeholders with a platform for voluntarily sharing security control overlays. See the SCOR page to learn more about the repository, including instructions on how to submit an overlay, and to obtain a list of published overlays.

(Coming soon) The control baselines in SP 800-53B will also be available in spreadsheet format and in the Open Security Assessment Language (OSCAL) format, linked as supplemental materials in the publication details

Parent Project

See: NIST Risk Management Framework

Related Topics

Security and Privacy: privacy controls, security controls

Laws and Regulations: OMB Circular A-130

Created October 28, 2020, Updated February 18, 2021