Professional Documents
Culture Documents
laboratory is responsible for developing the NIST CSF, seen as the gold standard
cybersecurity framework. NIST Special Publication 800-53 operates as one of the
forefront cybersecurity guidelines for federal agencies in the United States to maintain
their information security systems. These guidelines function to protect the security and
privacy of citizens being served. Exactly how many security controls are in NIST 800 53?
NIST SP 800-53 has had five revisions and is composed of over 1000 controls. This
catalog of security controls allows federal government agencies the recommended
security and privacy controls for federal information systems and organizations to
protect against potential security issues and cyber attacks. Here, we will take a look at
the 18 NIST 800-53 control families, and give a general overview of the requirements
for each.
CM - Configuration Management
CM controls are specific to an organization’s configuration management policies. This
includes a baseline configuration to operate as the basis for future builds or changes to
information systems. Additionally, this includes information system component
inventories and a security impact analysis control.
CP - Contingency Planning
The CP control family includes controls specific to an organization's contingency plan if a
cybersecurity event should occur. This includes controls like contingency plan testing,
updating, training, and backups, and system reconstitution.
PL - Planning
PL controls in NIST 800-53 are specific to an organization's security planning policies
and must address the purpose, scope, roles, responsibilities, management commitment,
coordination among entities, and organizational compliance.
PM - Program Management
The PM control family is specific to who manages your cybersecurity program and how it
operates. This includes, but is not limited to, a critical infrastructure plan, information
security program plan, plan of action milestones and processes, risk management
strategy, and enterprise architecture.
RA - Risk Assessment
The RA control family relates to an organization’s risk assessment policies and
vulnerability scanning capabilities. Using an integrated risk management solution like
CyberStrong can help streamline and automate your NIST 800 53 compliance efforts.