NIST Special Publication (SP) 800-53 Revision 4
Security and Privacy Controls for Federal Information Systems and Organizations
*Note: All references to SP 800-53 on this page refer to SP 800-53 Revision 4.*
The purpose of Special Publication 800-53 is to provide guidelines for selecting and specifying security controls for information systems supporting the executive agencies of the federal government. The guidelines have been developed to help achieve more secure information systems within the federal government by:
The guidelines provided in Special Publication 800-53 are applicable to all federal information systems¹ other than those systems designated as national security systems as defined in 44 U.S.C., Section 3542². The guidelines have been broadly developed from a technical perspective to complement similar guidelines for national security systems. This publication is intended to provide guidance to federal agencies implementing FIPS 200, Minimum Security Requirements for Federal Information and Information Systems. In addition to the agencies of the federal government, state, local, and tribal governments, and private sector organizations that compose the critical infrastructure of the United States, are encouraged to use these guidelines, as appropriate.
The security controls in Special Publication 800-53 have been developed using inputs from a variety of sources including NIST Special Publication 800-26, Department of Defense (DoD) Policy 8500, Director of Central Intelligence Directive (DCID) 6/3, ISO/IEC Standard 17799, General Accounting Office (GAO) Federal Information System Controls Audit Manual (FISCAM), and Health and Human Services (HHS) Centers for Medicare and Medicaid Services (CMS) Core Security Requirements. The security controls cover the following topic areas:
1. A federal information system is an information system used or operated by an executive agency, by a contractor of an executive agency, or by another organization on behalf of an executive agency.
2. NIST Special Publication 800-59 provides guidance on identifying an information system as a national security system.