NIST SP 800-53

Overview

NIST Special Publication 800-53 Revision 5 is the U.S. federal catalog of security and privacy controls for federal information systems and organizations. It is the foundational control set behind FedRAMP, FISMA, the DoD Risk Management Framework, and many state and sector-specific U.S. compliance regimes. Matproof ships the full Revision 5 control catalog with mappings into your other adopted frameworks.

Who It Applies To

  • U.S. federal agencies — Required under FISMA
  • Federal contractors and FedRAMP CSPs — Cloud providers serving the U.S. federal government
  • DoD and intelligence community systems — Through the Risk Management Framework (RMF)
  • State and local governments — Many adopt 800-53 as a baseline by reference
  • Private organizations that need to demonstrate alignment with U.S. federal expectations

Control Families

NIST 800-53 organizes controls into 20 families. The major ones:
| Family | Code | Focus |
|---|---|---|
| Access Control | AC | Account management, separation of duties, remote access |
| Awareness and Training | AT | Security awareness program |
| Audit and Accountability | AU | Logging, monitoring, audit retention |
| Assessment, Authorization, Monitoring | CA | System assessments, ATO process |
| Configuration Management | CM | Baseline configurations, change control |
| Contingency Planning | CP | Backup, DR, COOP |
| Identification and Authentication | IA | MFA, credential management |
| Incident Response | IR | IR plan, reporting, training |
| Maintenance | MA | System maintenance procedures |
| Media Protection | MP | Sanitization, transport, disposal |
| Physical and Environmental Protection | PE | Facility security |
| Planning | PL | System security plan, rules of behavior |
| Personnel Security | PS | Background checks, termination procedures |
| Risk Assessment | RA | Risk assessments, vulnerability scanning |
| System and Services Acquisition | SA | Supplier risk, secure SDLC |
| System and Communications Protection | SC | Boundary protection, cryptography |
| System and Information Integrity | SI | Flaw remediation, malicious code protection |
| Supply Chain Risk Management | SR | C-SCRM program, supplier review |
| Privacy | PT, PM | Privacy controls (added in Rev 5) |

Control Baselines

NIST 800-53 controls apply via baselines depending on system impact level:
  • LOW baseline — minimum controls for low-impact systems
  • MODERATE baseline — most federal systems sit here
  • HIGH baseline — systems where loss of confidentiality, integrity, or availability would have catastrophic impact
Matproof lets you select a baseline when adopting NIST 800-53; only the relevant controls are included in your program.

How Matproof Helps

Control Catalog

  • Full Revision 5 control catalog (1,189 controls including enhancements)
  • Pre-tagged by family and baseline
  • Searchable across control text and supplemental guidance

FedRAMP Alignment

  • FedRAMP LOW / MODERATE / HIGH baselines pre-configured
  • FedRAMP-specific control parameters tracked
  • Continuous Monitoring (ConMon) artifact templates

Cross-Framework Mapping

NIST 800-53 maps extensively into other frameworks Matproof ships:
  • ISO 27001 — Annex A controls
  • SOC 2 — Trust Services Criteria
  • NIST Cybersecurity Framework (CSF) — through the CSF-to-800-53 informative references
  • HIPAA — Security Rule safeguards
  • DORA / NIS2 — security requirements
A single piece of evidence (e.g. an MFA configuration screenshot) can satisfy controls across all of these frameworks at once.

Evidence Automation

  • Cloud integration evidence (AWS, Azure, GCP) automatically populates AC, AU, CM, IA, SC controls
  • Device Agent evidence populates SI, CM, AC controls for endpoints
  • Manual evidence with structured templates for the rest

System Security Plan (SSP)

  • Generate SSPs from your control implementations
  • Export-ready format for ATO submissions
  • Continuous updates as controls change

Getting Started

  1. Select NIST 800-53 as a framework during onboarding (or in Settings > Frameworks)
  2. Choose your impact baseline: LOW / MODERATE / HIGH (or full catalog)
  3. Review the control mapping into your other adopted frameworks
  4. Assign control owners across your organization
  5. Connect cloud and identity integrations to start populating evidence
