Skip to main content

NOTICE: Due to a lapse in annual appropriations, most of this website is not being updated. Learn more.

Form submissions will still be accepted but will not receive responses at this time. Sections of this site for programs using non-appropriated funds (such as NVLAP) or those that are excepted from the shutdown (such as CHIPS and NVD) will continue to be updated.

U.S. flag

An official website of the United States government

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

Control Baselines for Information Systems and Organizations

Published

Author(s)

Ronald S. Ross, Victoria Y. Pillitteri

Abstract

This publication provides security and privacy control baselines for the Federal Government. There are three security control baselines (one for each system impact level: low-impact, moderate-impact, and high-impact), as well as a privacy baseline that is applied to systems irrespective of impact level. In addition to the control baselines, this publication provides tailoring guidance and a set of working assumptions that help guide and inform the control selection process. Finally, this publication provides guidance on the development of overlays to facilitate control baseline customization for specific communities of interest, technologies, and environments of operation.
Citation
Special Publication (NIST SP) - 800-53B
Report Number
800-53B

Keywords

assurance, impact level, privacy control, privacy control baseline, security control, security control baseline, tailoring, control selection, control overlays

Citation

Ross, R. and Pillitteri, V. (2020), Control Baselines for Information Systems and Organizations, Special Publication (NIST SP), National Institute of Standards and Technology, Gaithersburg, MD, [online], https://doi.org/10.6028/NIST.SP.800-53B (Accessed October 9, 2025)

Issues

If you have any questions about this publication or are having problems accessing it, please contact [email protected].

Created October 28, 2020, Updated August 29, 2025
Was this page helpful?