# NIST 800-53

The [National Institute of Standards and Technology (NIST)](https://www.nist.gov/about-nist), operated by the US Department of Commerce, provides technology control guidance and measurement frameworks for [[cybersecurity]] to stimulate innovation. The [NIST 800-53 framework](https://csrc.nist.gov/projects/cprt/catalog#/cprt/framework/version/SP_800_53_5_1_1/home) provides an organization-wide set of controls and objectives to comply with NIST guidance.

## Capability Scope

| **NIST 800-53 Category** | **Capability Scope** |
| --- | --- |
| [AC](https://csrc.nist.gov/projects/cprt/catalog#/cprt/framework/version/SP_800_53_5_1_1/home?element=AC) - Access Control | L0: [[Identity and Access Management]]<br />L0: Information Technology<br />L2: [[Defense Modeling]]<br />L2: [[Policy Management]]<br />L2: [[Standards Management]] |
| [AT](https://csrc.nist.gov/projects/cprt/catalog#/cprt/framework/version/SP_800_53_5_1_1/home?element=AT) - Awareness and Training | L0: Human Resources<br />L2: [[Adversary Intelligence]] |
| [AU](https://csrc.nist.gov/projects/cprt/catalog#/cprt/framework/version/SP_800_53_5_1_1/home?element=AU) - Audit and Accountability | L0: [[Compliance]]<br />L2: [[Dwell Analytics]]<br />L2: [[Alert Correlation]] |
| [CA](https://csrc.nist.gov/projects/cprt/catalog#/cprt/framework/version/SP_800_53_5_1_1/home?element=CA) - Assessment, Authorization, and Monitoring | L0: Information Technology<br />L2: [[Defense Modeling]]<br />L1: [[Control Verification]] |
| [CM](https://csrc.nist.gov/projects/cprt/catalog#/cprt/framework/version/SP_800_53_5_1_1/home?element=CM) - Configuration Management | L0: Software Engineering<br />L0: [[Policy Automation]] |
| [CP](https://csrc.nist.gov/projects/cprt/catalog#/cprt/framework/version/SP_800_53_5_1_1/home?element=CP) - Contingency Planning | L0: Facilities<br />L0: Information Technology |
| [IA](https://csrc.nist.gov/projects/cprt/catalog#/cprt/framework/version/SP_800_53_5_1_1/home?element=IA) - Identification and Authentication | L0: [[Identity and Access Management]] |
| [IR](https://csrc.nist.gov/projects/cprt/catalog#/cprt/framework/version/SP_800_53_5_1_1/home?element=IR) - Incident Response | L1: [[Incident Containment]]<br />L0: Legal<br />L0: Marketing |
| [MA](https://csrc.nist.gov/projects/cprt/catalog#/cprt/framework/version/SP_800_53_5_1_1/home?element=MA) - Maintenance | L0: Legal<br />L2: [[Standards Management]]<br />L2: [[Policy Management]]<br />L2: [[Remediation Management]] |
| [MP](https://csrc.nist.gov/projects/cprt/catalog#/cprt/framework/version/SP_800_53_5_1_1/home?element=MP) - Media Protection | L0: Facilities<br />L0: Information Technology |
| [PE](https://csrc.nist.gov/projects/cprt/catalog#/cprt/framework/version/SP_800_53_5_1_1/home?element=PE) - Physical and Environmental Protection | L0: Facilities |
| [PL](https://csrc.nist.gov/projects/cprt/catalog#/cprt/framework/version/SP_800_53_5_1_1/home?element=PL) - Planning | L1: [[Adversary Research]]<br />L2: [[Defense Modeling]]<br />L2: [[Test Plan Management]]<br />L2: [[Threshold Management]] |
| [PM](https://csrc.nist.gov/projects/cprt/catalog#/cprt/framework/version/SP_800_53_5_1_1/home?element=PM) - Program Management | L0: [[Compliance]] |
| [PS](https://csrc.nist.gov/projects/cprt/catalog#/cprt/framework/version/SP_800_53_5_1_1/home?element=PS) - Personnel Security | L0: Human Resources<br />L0: Facilities |
| [PT](https://csrc.nist.gov/projects/cprt/catalog#/cprt/framework/version/SP_800_53_5_1_1/home?element=PT) - Personally Identifiable Information Processing and Transparency | L0: Legal<br />L2: [[Standards Management]]<br />L2: [[Policy Management]] |
| [RA](https://csrc.nist.gov/projects/cprt/catalog#/cprt/framework/version/SP_800_53_5_1_1/home?element=RA) - Risk Assessment | L2: [[Resilience Testing]]<br />L2: [[Risk Prioritization]]<br />L2: [[Remediation Management]] |
| [SA](https://csrc.nist.gov/projects/cprt/catalog#/cprt/framework/version/SP_800_53_5_1_1/home?element=SA) - System and Services Acquisition | L0: Information Technology<br />L0: Finance |
| [SC](https://csrc.nist.gov/projects/cprt/catalog#/cprt/framework/version/SP_800_53_5_1_1/home?element=SC) - System and Communications Protection | L1: [[Threat Mitigation]] |
| [SI](https://csrc.nist.gov/projects/cprt/catalog#/cprt/framework/version/SP_800_53_5_1_1/home?element=SI) - System and Information Integrity | L1: [[Threat Mitigation]]<br />L2: [[Alert Correlation]] |
| [SR](https://csrc.nist.gov/projects/cprt/catalog#/cprt/framework/version/SP_800_53_5_1_1/home?element=SR) - Supply Chain Risk Management | L2: [[Adversary Intelligence]]<br />L2: [[Attack Surface Enumeration]]<br />L2: [[Risk Prioritization]] |

## Inspiration & Resources

+ https://csrc.nist.gov/projects/cprt/catalog#/cprt/framework/version/SP_800_53_5_1_1/home

## Release Notes

+ [[Q2 2024 Release#Map NIST 800-53 to Cybersecurity Capabilities]]

## [Cyber City Map](https://cybercitymap.com/) © 2023-2024 by [ThirdScore, Inc.](https://thirdscore.com/) All Rights Reserved.