Skip to main content
U.S. flag

An official website of the United States government

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

NIST issues revised version of Recommended Security Controls for Federal Information Systems

The National Institute of Standards and Technology (NIST) has issued a revised version of Recommended Security Controls for Federal Information Systems (NIST Special Publication 800-53). First issued in February 2005, SP 800-53 is one of the key standards and guidelines developed by NIST to help federal agencies improve their information technology security and comply with the Federal Information Security Management Act (FISMA).

The publication recommends management, operational and technical controls needed to protect the confidentiality, integrity and availability of federal information systems. The controls are organized into 17 families, including risk assessment, contingency planning, access control and incident response. The changes focus on clarifying the security controls, eliminating redundancies and expanding supplemental guidance. Specific changes include: expanded information on the media protection family to address powerful, highly mobile processing and storage devices; new concepts to promote more cost-effective assessments, extend the life of security accreditations over time and reduce the paperwork associated with reaccreditations; and a more thorough discussion of the implications and risks of using external information system services and service providers.

The changes reflect the first of what will be a biennial review and update cycle for SP 800-53. The document is available at

Released December 21, 2006, Updated January 23, 2023