Professional Documents
Culture Documents
4 (Appendix J) Control
AP-1: Authority to Collect
IP-3: Redress
This document is intended to support organizations who have been using the privacy controls in Appendix J in NIST
Publication (SP) 800-53, Security and Privacy Controls for Information Systems and Organizations, Revision 4, to tran
the integrated control catalog in Revision 5. The Revision 5 column indicates the controls that in NIST's determinatio
directly address the elements of Appendix J controls. Very few of the Appendix J controls were transferred to Revisi
their entirety. In most cases, elements of Appendix J controls were distributed among multiple Revision 5 controls t
improve the integration and the text was changed to conform to the standardized control format or to enable the co
to be more usable within a risk management program. Organizations can use the Related Controls section for each R
5 control to identify other controls that may also support the transition.
Note: This document is only intended to provide pointers to how Appendix J controls evolved in the integrated cata
security and privacy controls for Revision 5. It is not intended to provide an example of a complete control selection
a privacy program. More information on selecting controls can be found in NIST SP 800-37, Risk Management Fram
for Information Systems and Organizations: A System Life Cycle Approach for Security and Privacy; SP 800-53; and SP
53B, Control Baselines for Information Systems and Organizations.