NIST SP 800-53A Rev. 5

United States

vRev 5

19 domains

48 controls

Assessing Security and Privacy Controls in Federal Information Systems and Organizations: Guideline for Conducting Security Assessments

Verified

Framework summaries on this platform are AI-assisted interpretations for educational and compliance planning purposes. They do not reproduce or replace the official standards. Refer to the authoritative source for the definitive text. Framework names and trademarks belong to their respective organisations.

Framework Domains (19)

Assessment Governance

1 controls

Controls in the Assessment Governance domain of NIST SP 800-53A Rev. 5 — 1 controls
Code	Title	Description
53A-ASSESSOR-INDEP	Establish Assessor Independence	The level of assessor independence must match the system impact level and the use of the assessment results. Independenc...

Assessment Methods

4 controls

Controls in the Assessment Methods domain of NIST SP 800-53A Rev. 5 — 4 controls
Code	Title	Description
53A-METHOD-EXAMINE	Apply the Examine Assessment Method	The examine method involves reviewing, inspecting, observing, studying, or analyzing assessment objects such as policies...
53A-METHOD-INTERVIEW	Apply the Interview Assessment Method	The interview method involves holding discussions with individuals or groups within the organization to facilitate under...
53A-METHOD-TEST	Apply the Test Assessment Method	The test method involves exercising one or more assessment objects under specified conditions to compare actual behavior...
53A-SAMPLING	Apply Sampling for Population Assessments	When assessment objects are large populations such as user accounts or endpoints, assessors may use sampling. The sampli...

Assessment Planning

2 controls

Controls in the Assessment Planning domain of NIST SP 800-53A Rev. 5 — 2 controls
Code	Title	Description
53A-ASMT-PLAN	Develop a Security and Privacy Assessment Plan	Organizations must produce a documented assessment plan that identifies the controls in scope, the assessment objectives...
53A-OBJECT-INVENTORY	Identify Assessment Objects	Assessment objects are specifications, mechanisms, activities, and individuals subject to examination, interview, or tes...

Assessment Procedures

1 controls

Controls in the Assessment Procedures domain of NIST SP 800-53A Rev. 5 — 1 controls
Code	Title	Description
53A-OBJECTIVE	Define Assessment Objectives and Determination Statements	Each control assessment must include determination statements derived from the control requirements. Each statement is e...

Assessment Rigor

1 controls

Controls in the Assessment Rigor domain of NIST SP 800-53A Rev. 5 — 1 controls
Code	Title	Description
53A-DEPTH-COVERAGE	Determine Assessment Depth and Coverage	Assessors select depth (basic, focused, comprehensive) and coverage (basic, focused, comprehensive) attributes for each...

Automation

1 controls

Controls in the Automation domain of NIST SP 800-53A Rev. 5 — 1 controls
Code	Title	Description
53A-AUTOMATED-EVID	Use Automated Evidence Collection	Automated tools may collect configuration, vulnerability, and event evidence to support assessments. The tools must be v...

Control Inheritance

1 controls

Controls in the Control Inheritance domain of NIST SP 800-53A Rev. 5 — 1 controls
Code	Title	Description
53A-CONTROL-INHERIT	Assess Inherited and Hybrid Controls	Controls inherited from common control providers or shared with external systems must be assessed with reference to the...

Evidence Management

1 controls

Controls in the Evidence Management domain of NIST SP 800-53A Rev. 5 — 1 controls
Code	Title	Description
53A-EVIDENCE-CHAIN	Maintain Evidence Chain of Custody	Evidence collected during assessments must be preserved with chain of custody, version control, and integrity protection...

NIST SP 800-53A: Access Control & Identity

6 controls

Managing access to information systems (NIST SP 800-53A)

Controls in the NIST SP 800-53A: Access Control & Identity domain of NIST SP 800-53A Rev. 5 — 6 controls
Code	Title	Description
SP800-53A-METHOD-EXAMINE	Assessment Method: Examine	Review, inspect, observe, study, or analyze assessment objects (specifications, mechanisms, activities) to facilitate un...
SP800-53A-METHOD-INTERVIEW	Assessment Method: Interview	Hold discussions with individuals or groups to facilitate understanding, achieve clarification, or lead to the location...
SP800-53A-METHOD-TEST	Assessment Method: Test	Exercise assessment objects under specified conditions to compare actual behavior with expected behavior.
SP800-53A-OBJECTS	Assessment Objects	Identify the specifications, mechanisms, activities, and individuals that the assessment methods are applied to.
SP800-53A-STEP-PLAN	Develop Security and Privacy Assessment Plans	Develop assessment plans that document the controls and enhancements to be assessed, procedures to be used, and the asse...
SP800-53A-STEP-PREPARE	Prepare for Control Assessments	Conduct activities essential to an effective assessment prior to execution, including gathering documentation and establ...

NIST SP 800-53A: Audit & Accountability

3 controls

Audit logging and accountability measures (NIST SP 800-53A)

Controls in the NIST SP 800-53A: Audit & Accountability domain of NIST SP 800-53A Rev. 5 — 3 controls
Code	Title	Description
SP800-53A-FAM-SC	Assessment Procedures: System and Communications Protection (SC)	Determination statements and assessment procedures for the System and Communications Protection family.
SP800-53A-FAM-SI	Assessment Procedures: System and Information Integrity (SI)	Determination statements and assessment procedures for the System and Information Integrity family.
SP800-53A-FAM-SR	Assessment Procedures: Supply Chain Risk Management (SR)	Determination statements and assessment procedures for the Supply Chain Risk Management family.

NIST SP 800-53A: Configuration Management

5 controls

Managing system configurations securely (NIST SP 800-53A)

Controls in the NIST SP 800-53A: Configuration Management domain of NIST SP 800-53A Rev. 5 — 5 controls
Code	Title	Description
SP800-53A-FAM-PM	Assessment Procedures: Program Management (PM)	Determination statements and assessment procedures for the Program Management family.
SP800-53A-FAM-PS	Assessment Procedures: Personnel Security (PS)	Determination statements and assessment procedures for the Personnel Security family.
SP800-53A-FAM-PT	Assessment Procedures: PII Processing and Transparency (PT)	Determination statements and assessment procedures for the Personally Identifiable Information Processing and Transparen...
SP800-53A-FAM-RA	Assessment Procedures: Risk Assessment (RA)	Determination statements and assessment procedures for the Risk Assessment family.
SP800-53A-FAM-SA	Assessment Procedures: System and Services Acquisition (SA)	Determination statements and assessment procedures for the System and Services Acquisition family.

NIST SP 800-53A: Incident Response

5 controls

Detecting and responding to security incidents (NIST SP 800-53A)

Controls in the NIST SP 800-53A: Incident Response domain of NIST SP 800-53A Rev. 5 — 5 controls
Code	Title	Description
SP800-53A-FAM-IR	Assessment Procedures: Incident Response (IR)	Determination statements and assessment procedures for the Incident Response family.
SP800-53A-FAM-MA	Assessment Procedures: Maintenance (MA)	Determination statements and assessment procedures for the Maintenance family.
SP800-53A-FAM-MP	Assessment Procedures: Media Protection (MP)	Determination statements and assessment procedures for the Media Protection family.
SP800-53A-FAM-PE	Assessment Procedures: Physical and Environmental Protection (PE)	Determination statements and assessment procedures for the Physical and Environmental Protection family.
SP800-53A-FAM-PL	Assessment Procedures: Planning (PL)	Determination statements and assessment procedures for the Planning family.

NIST SP 800-53A: Risk Assessment & Management

5 controls

Identifying and managing cybersecurity risks (NIST SP 800-53A)

Controls in the NIST SP 800-53A: Risk Assessment & Management domain of NIST SP 800-53A Rev. 5 — 5 controls
Code	Title	Description
SP800-53A-FAM-AU	Assessment Procedures: Audit and Accountability (AU)	Determination statements and assessment procedures for the Audit and Accountability family.
SP800-53A-FAM-CA	Assessment Procedures: Assessment, Authorization, and Monitoring (CA)	Determination statements and assessment procedures for the Assessment, Authorization, and Monitoring family.
SP800-53A-FAM-CM	Assessment Procedures: Configuration Management (CM)	Determination statements and assessment procedures for the Configuration Management family.
SP800-53A-FAM-CP	Assessment Procedures: Contingency Planning (CP)	Determination statements and assessment procedures for the Contingency Planning family.
SP800-53A-FAM-IA	Assessment Procedures: Identification and Authentication (IA)	Determination statements and assessment procedures for the Identification and Authentication family.

NIST SP 800-53A: System & Communications Protection

6 controls

Protecting systems and communications (NIST SP 800-53A)

Controls in the NIST SP 800-53A: System & Communications Protection domain of NIST SP 800-53A Rev. 5 — 6 controls
Code	Title	Description
SP800-53A-FAM-AC	Assessment Procedures: Access Control (AC)	Determination statements and assessment procedures for the Access Control family.
SP800-53A-FAM-AT	Assessment Procedures: Awareness and Training (AT)	Determination statements and assessment procedures for the Awareness and Training family.
SP800-53A-STEP-ANALYZE	Analyze Assessment Report Results	Analyze findings of satisfied or other-than-satisfied for each determination statement and document the results in the a...
SP800-53A-STEP-CAPABILITY	Assess Security and Privacy Capabilities	Assess groups of controls that work together to provide a security or privacy capability, rather than only individual co...
SP800-53A-STEP-CONDUCT	Conduct Control Assessments	Execute the assessment plan by applying the assessment procedures to determine the extent to which controls are implemen...
SP800-53A-STEP-SELECT	Select and Tailor Assessment Procedures	Determine which controls are to be assessed, select assessment procedures, and tailor them to the operational and assura...

Ongoing Assessment

1 controls

Controls in the Ongoing Assessment domain of NIST SP 800-53A Rev. 5 — 1 controls
Code	Title	Description
53A-CONTINUOUS	Support Continuous Control Monitoring	Assessment procedures support ongoing authorization by enabling continuous monitoring of control effectiveness. Assessme...

Privacy Assessment

1 controls

Controls in the Privacy Assessment domain of NIST SP 800-53A Rev. 5 — 1 controls
Code	Title	Description
53A-PRIVACY-ASMT	Assess Privacy Controls	Privacy controls are assessed using the same methods as security controls, with particular attention to personally ident...

Remediation Validation

1 controls

Controls in the Remediation Validation domain of NIST SP 800-53A Rev. 5 — 1 controls
Code	Title	Description
53A-RETEST	Retest After Remediation	When findings are remediated, assessors retest to confirm the deficiency has been corrected and no new deficiencies were...

Reporting

2 controls

Controls in the Reporting domain of NIST SP 800-53A Rev. 5 — 2 controls
Code	Title	Description
53A-FINDINGS	Document Assessment Findings and Recommendations	Assessment findings must clearly state the determination, the evidence supporting it, the risk implication, and recommen...
53A-SAR	Produce Security and Privacy Assessment Report	The security and privacy assessment report (SAR) consolidates determination decisions, evidence, findings, and assessor...

Supply Chain

1 controls

Controls in the Supply Chain domain of NIST SP 800-53A Rev. 5 — 1 controls
Code	Title	Description
53A-SUPPLY-CHAIN	Assess Supply Chain Risk Management Controls	Supply chain risk management controls require assessment of vendor relationships, component provenance, and the integrit...

Maps to 1 other framework

48 total controls

NIST SP 800-53 Rev 5

30 source controls mapped|22 target controls covered

63%

Compare NIST SP 800-53A Rev. 5 with NIST SP 800-53 Rev 5

Frequently Asked Questions

What is NIST SP 800-53A Rev. 5?

NIST SP 800-53A Rev. 5 is a compliance framework from United States with 19 domains and 48 controls. Assessing Security and Privacy Controls in Federal Information Systems and Organizations: Guideline for Conducting Security Assessments It is used by organisations to establish and maintain compliance with industry standards and regulatory requirements.

How many controls does NIST SP 800-53A Rev. 5 have?

NIST SP 800-53A Rev. 5 has 48 controls organised across 19 domains. The largest domains are NIST SP 800-53A: Access Control & Identity (6 controls), NIST SP 800-53A: System & Communications Protection (6 controls), NIST SP 800-53A: Configuration Management (5 controls). Each control defines specific requirements that organisations must implement to achieve compliance.

What frameworks does NIST SP 800-53A Rev. 5 map to?

NIST SP 800-53A Rev. 5 maps to 1 other compliance frameworks. The top mapping partners are NIST SP 800-53 Rev 5 (63% coverage). Use our comparison tool to explore control-level mappings between frameworks.

How do I get started with NIST SP 800-53A Rev. 5 compliance?

Start your NIST SP 800-53A Rev. 5 compliance journey by running a self-assessment on our platform to identify your current compliance posture. Our AI advisory can answer specific questions about NIST SP 800-53A Rev. 5 requirements, and cross-framework mapping helps you leverage existing controls from other frameworks you may already comply with. Create a free account to access all 48 controls and track your progress.

Start Your Compliance Journey

Create a free account to run self-assessments, get AI advisory, and track your compliance progress across 718 frameworks.

Get Started Free →

Free forever — no credit card required