NIST 800-53R5 Governance, Risk and Compliance (GRC). NIST 800 Policies Review and Assessment.


Security Family


Access Control

Policies and procedures to control access to information systems and data

Audit and Accountability

Processes to detect, report, and investigate security events and incidents

Awareness and Training

Programs to educate personnel about their roles and responsibilities regarding information security

Configuration Management

Processes to manage and control changes to information system configurations

Contingency Planning

Processes to ensure the continued availability of information systems in the event of a disruption

Identification and Authentication

Methods for identifying and authenticating users, processes, and devices

Incident Response

Procedures for responding to and reporting information security incidents

Maintenance

Procedures for maintaining and updating information systems and associated components

Media Protection

Procedures for protecting and controlling access to information system media

Personnel Security

Policies and procedures to ensure the trustworthiness and suitability of personnel with access to information systems

Physical and Environmental Protection

Physical security controls to protect information systems and data

Planning

Planning activities necessary to manage and maintain effective security programs

Program Management

Processes to manage and control security programs

Risk Assessment

Processes to assess and manage risk to organizational operations, assets, and individuals

Security Assessment and Authorization

Processes for assessing and authorizing information systems for operation

System and Services Acquisition

Processes for acquiring information systems, products, and services

System and Communications Protection

Controls to protect the confidentiality, integrity, and availability of information systems

System and Information Integrity

Processes to protect the integrity and availability of information and information systems