Quick Answer: How many security control families are there?

NIST SP 800-53 provides 18 security control families that address baselines for controls and safeguards for federal information systems and organizations.

How many control families are there?

The controls are broken into 3 classes based on impact – low, moderate, and high – and split into 18 different families. The NIST SP 800-53 security control families are: Access Control. Audit and Accountability.

How many security controls are there?

NIST 800-53 Revision 4 Control Tally

AU – Audit and Accountability 10 7
CA – Security Assessment and Audit 7 3
CM – Configuration Management 8 10
CP – Contingency Planning 6 13

What are the 18 control families?

Control Families:

  • AC – Access Control.
  • AU – Audit and Accountability.
  • AT – Awareness and Training.
  • CM – Configuration Management.
  • CP – Contingency Planning.
  • IA – Identification and Authentication.
  • IR – Incident Response.
  • MA – Maintenance.

How many 800-53 controls are there?

NIST SP 800-53 R4 contains over 900 unique security controls that encompass 18 control families. NIST controls are generally used to enhance the cybersecurity framework, risk posture, information protection, and security standards of organizations.

What are the security control families?

NIST 800-53 Control Families

  • AC – Access Control. …
  • AU – Audit and Accountability. …
  • AT – Awareness and Training. …
  • CM – Configuration Management. …
  • CP – Contingency Planning. …
  • IA – Identification and Authentication. …
  • IR – Incident Response. …
  • MA – Maintenance.

What are the NIST control families?

Control Families


What are the three types of security controls?

There are three primary areas or classifications of security controls. These include management security, operational security, and physical security controls.

What are the types of security controls?

There are three main types of IT security controls including technical, administrative, and physical. The primary goal for implementing a security control can be preventative, detective, corrective, compensatory, or act as a deterrent.

How many controls are there in NIST CSF?

The NIST Cybersecurity Framework organizes its “core” material into five “functions” which are subdivided into a total of 23 “categories”. For each category, it defines a number of subcategories of cybersecurity outcomes and security controls, with 108 subcategories in all.

What is NIST 800-171 used for?

What is the purpose of NIST 800-171? The cybersecurity requirements within NIST 800-171 are designed to safeguard CUI in the IT networks of government contractors and subcontractors. It defines the practices and procedures that government contractors must adhere to when their networks process or store CUI.

Who does NIST 800-53 apply to?

NIST 800-53 is mandatory for all U.S. federal information systems except those related to national security, and is technology-neutral. However, its guidelines can be adopted by any organization operating an information system with sensitive or regulated data.

What is NIST 800-53B?

NIST Special Publication (SP) 800-53B, Control Baselines for Information Systems and Organizations, provides security and privacy control baselines for the Federal Government. … Control baselines provide a starting point for organizations in the security and privacy control selection process.

How many controls does NIST 800-171 have?

NIST 800-171 is shorter and simpler than 800-53: It contains 110 controls across 14 control families, in a publication only 76 pages long.

What is the difference between NIST 800-53 and 800?

The key distinction between NIST 800-171 vs 800-53 is that 800-171 refers to non-federal networks and NIST 800-53 applies directly to any federal organization.

What is CNSSI 1253?

1253 (CNSSI 1253), Security Categorization and Control Selection for National Security Systems, provides all federal government departments, agencies, bureaus, and offices with guidance for security categorization of National Security Systems (NSS) that collect, generate, process, store, display, transmit, or receive …