Full Rev5 Control Reference¶
This section provides a stable reference for every active control and control enhancement in the vendored NIST SP 800-53 Revision 5 OSCAL catalog. Use it to review the original NIST control statement, identify FedRAMP Rev5 baseline applicability, and see any additional FedRAMP guidance or organization-assigned parameter values.
The reference contains 1014 active controls and control enhancements across 20 families. Withdrawn controls are not included.
Official NIST OSCAL source
Electronic (OSCAL) Version of NIST SP 800-53 Rev 5.2.0 Controls and SP 800-53A Rev 5.2.0 Assessment Procedures
- Catalog version: 5.2.0
- OSCAL version: 1.2.2
- Catalog last modified: May 11, 2026
Control Families¶
| Family | ID | Controls and enhancements |
|---|---|---|
| Access Control | AC |
131 |
| Awareness and Training | AT |
15 |
| Audit and Accountability | AU |
56 |
| Assessment, Authorization, and Monitoring | CA |
25 |
| Configuration Management | CM |
56 |
| Contingency Planning | CP |
49 |
| Identification and Authentication | IA |
59 |
| Incident Response | IR |
40 |
| Maintenance | MA |
28 |
| Media Protection | MP |
20 |
| Physical and Environmental Protection | PE |
51 |
| Planning | PL |
11 |
| Program Management | PM |
37 |
| Personnel Security | PS |
17 |
| Personally Identifiable Information Processing and Transparency | PT |
21 |
| Risk Assessment | RA |
22 |
| System and Services Acquisition | SA |
108 |
| System and Communications Protection | SC |
139 |
| System and Information Integrity | SI |
102 |
| Supply Chain Risk Management | SR |
27 |