Recommended Security Controls for Federal Information Systems and Organizations

Joint Task Force Transformation Initiative

July 19, 2023: URLs for CSRC publication details pages have changed. Legacy URLs should automatically redirect to the new URLs. However, links to the actual publications have NOT changed (e.g., DOIs and PDFs on nvlpubs.nist.gov). Please send inquiries to csrc-inquiry@nist.gov.

NIST SP 800-53 Rev. 3

Withdrawn on August 12, 2009. Superseded by SP 800-53 Rev. 3

Recommended Security Controls for Federal Information Systems and Organizations

Documentation

Date Published: August 2009
No Comments Solicited

Supersedes: SP 800-53 Rev. 2 (12/19/2007)

Author(s)

Joint Task Force Transformation Initiative

Announcement

[Original publication of Rev. 3 (August 1, 2009)]

Abstract

The objective of NIST SP 800-53 is to provide a set of security controls that can satisfy the breadth and depth of security requirements levied on information systems and organizations and that is consistent with and complementary to other established information security standards. Revision 3 is the first major update since December 2005 and includes significant improvements to the security control catalog.

Keywords

common controls; FISMA; managing risk; risk management framework; security control assurance; security control baselines; security controls; security requirements

Control Families

Access Control; Awareness and Training; Audit and Accountability; Assessment, Authorization and Monitoring; Configuration Management; Contingency Planning; Identification and Authentication; Incident Response; Maintenance; Media Protection; Physical and Environmental Protection; Planning; Personnel Security; Risk Assessment; System and Services Acquisition; System and Communications Protection; System and Information Integrity

Documentation

Publication:
No Download Available

Supplemental Material:
None available

Document History:
08/03/09: SP 800-53 Rev. 3 (Final)