NIST 800-53

Last Updated: November 1, 2012

Definition - What does NIST 800-53 mean?

NIST 800-53 is a publication that recommends and documents security controls for federal information systems and organizations. It covers all federal information systems except those designed for national security.

NIST 800-53 is published by the National Institute of Standards and Technology, which creates and promotes the standards used by federal agencies to implement the Federal Information Security Management Act (FISMA) and manage other programs designed to protect information and promote information security. Agencies are expected to meet NIST guidelines and standards within one year of publication.

NIST 800-53 is also known as NIST Special Publication 800-53.

Techopedia explains NIST 800-53

NIST 800-53 subdivides security controls into common, custom and hybrid categories. Common controls are those often used throughout an organization. Custom controls are those intended to be used by an individual application or device. Hybrid controls start with a standard control and are customized per the requirements of a particular device or application.

NIST SP 800-53 is part of the Special Publication 800 series, which reports on the following:
  • Information Technology Laboratory (ITL) guidelines, research and outreach initiatives in information system security
  • ITL’s actions with academic, industry and government organizations

NIST Special Publication 800-53 includes the procedures in the Risk Management Framework that deal with security-control selection for federal information systems per the security requirements in Federal Information Processing Standard (FIPS) 200. This consists of selecting a primary set of baseline security controls in accordance with a FIPS 199 worst-case impact analysis, creating standard security controls, and adding security controls in line with an organizational risk assessment. The security rules cover 17 areas, including incident response, access control, disaster recovery capability and business continuity.