ControlMap

NIST SP 800-53 Rev 5

NIST Special Publication 800-53 Revision 5 provides a comprehensive catalog of security and privacy controls for federal information systems and organizations. With over 1,000 controls organized into 20 families, it serves as the foundation for FedRAMP, FISMA compliance, and the NIST Cybersecurity Framework. Control families cover access control, audit, configuration management, incident response, and more.

100%
Coverage
49
Controls Covered
0
Gaps
49
Total Controls

Covered Controls

Controls that have explicit mappings to 800-53 requirements.

Govern (6 controls)

Gp Governance Policy
PL-1, PM-1
 Rm Risk Management
RA-1, PM-9, PM-28
 Sc Supply Chain Risk
SR-1, SR-2, SR-3
 Rr Roles & Responsibilities
PM-2, PM-10, PS-7
 Cm Compliance
CA-2, CA-7, PM-4
 Vr Vendor Risk Mgmt
SA-9, SR-6, PM-30

Identify (6 controls)

Am Asset Management
CM-8, CM-9, PM-5
 Ra Risk Assessment
RA-3, RA-5
 Be Business Environment
PM-7, PM-11
 Da Data Classification
RA-2, SC-16
 Vn Vulnerability Mgmt
RA-5, SI-2, SI-5
 Ti Threat Intelligence
PM-16, RA-3, SI-5

Protect (21 controls)

Aw Awareness & Training
AT-1, AT-2, AT-3
 Ac Access Control
AC-1, AC-2, AC-3, AC-6
 Mf Multi-Factor Auth
IA-2
 En Encryption
SC-8, SC-12, SC-13, SC-28
 Dp Data Protection
MP-2, MP-4, SC-8, SC-28
 Bk Backup & Recovery
CP-9, CP-10
 Pa Privileged Access
AC-2, AC-6
 Fw Firewall / Net Seg
SC-7, AC-4
 Ep Endpoint Protection
SI-3, SI-4
 Pm Patch Management
SI-2, CM-3
 Cf Secure Config
CM-2, CM-6, CM-7
 Sd Secure Development
SA-3, SA-8, SA-11, SA-15
 Ml Email Security
SI-3, SI-8
 Ws Web Security
SC-7, SI-3
 Zt Zero Trust
AC-4, SC-7
 Mb Mobile Security
AC-19
 Cl Cloud Security
AC-20, SA-9
 Ds DNS Security
SC-7, SC-20, SC-21, SC-22
 Wf WAF
SC-7, SI-3
 Dl DLP
AC-4, SC-7
 Ap API Security
SC-7, SA-11

Detect (6 controls)

Sm Cont. Monitoring
CA-7, SI-4
 Lg Logging & Audit
AU-2, AU-3, AU-6, AU-12
 Id Intrusion Detection
SI-4
 An Anomaly Detection
SI-4, AC-2
 Sg SIEM / SOC
AU-6, SI-4
 It Insider Threat
PM-12, AC-6, AU-12

Respond (5 controls)

Ir Incident Response
IR-1, IR-4, IR-5, IR-6
 Fn Forensics
IR-4, AU-7
 Co Communication
IR-6, IR-7
 Mt Mitigation
IR-4, IR-5
 Rp Reporting
IR-6, IR-7, IR-8

Recover (5 controls)

Rc Recovery Planning
CP-2, CP-10
 Bc Business Continuity
CP-2, CP-6, CP-7
 Ll Lessons Learned
IR-4, CP-4
 Cr Comms & Restore
CP-2, IR-4
 Dr Disaster Recovery
CP-2, CP-10

800-53 vs Other Frameworks

800-53 provides 100% coverage of the 49 cybersecurity controls tracked by ControlMap. NIST CSF 2.0 covers 100%, ISO 27001 covers 100%, CIS v8 covers 90%, SOC 2 covers 100%, PCI DSS covers 100%, CMMC covers 94%, HIPAA covers 94%, GDPR covers 96%. For maximum coverage, organizations often combine 800-53 with complementary frameworks to address gaps in areas like niche domains.

Other Frameworks

NIST CSF 2.0 ISO 27001 CIS v8 SOC 2 PCI DSS CMMC HIPAA GDPR
View 800-53 in Interactive Dashboard