{"id":3394,"date":"2024-03-08T16:45:20","date_gmt":"2024-03-08T22:45:20","guid":{"rendered":"https:\/\/trustarc.com\/?post_type=regulations&#038;p=3394"},"modified":"2024-03-21T09:38:53","modified_gmt":"2024-03-21T15:38:53","slug":"nist-sp-800-53","status":"publish","type":"regulations","link":"https:\/\/trustarc.com\/regulations\/nist-sp-800-53\/","title":{"rendered":"The National Institute of Standards and Technology (NIST) SP 800-53"},"content":{"rendered":"\t\t<section id=\"block_c784a6fe78a1888bda9028619122a08c\" class=\"hero-section-colors text-center bg-navy-gradient\">\n\t\t\t<div class=\"container\">\n\t\t\t\t\t\t\t\t\t<span class=\"sub-title block font-bold \">Standard<\/span>\n\t\t\t\t\t\t\t\t\t\t<h1>The National Institute of Standards and Technology (NIST) SP 800-53<\/h1>\n\t\t\t\t\t<p>The NIST SP 800-53 (Security and Privacy Controls for Information Systems and Organizations) is a set of security and privacy controls for federal information systems and organizations to help meet the <em>Federal Information Security Management Act<\/em> (FISMA) requirements. 
<\/p>\n\t\t\t<\/div>\n\t\t<\/section>\n\t\t\n\n\t\t<section id=\"block_f00dc583f578c843d9e0b5a927215f30\" class=\"features-boxed\">\n\t\t\t<div class=\"container\">\n\t\t\t\t\t\t\t\t\t<div class=\"max-width text-center\">\n\t\t\t\t\t\t\t\t\t\t\t\t\t<h2>Are you subject to NIST SP 800-53?<\/h2>\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t<h5>This framework is intended to serve a diverse audience, including:<\/h5>\n\t\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t\t\t\t\t\t\t<ul class=\"feature-list\">\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t<li>\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<div class=\"wrap\">\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<div class=\"icon\">\n\t\t\t\t\t\t\t\t\t\t\t\t\t<img decoding=\"async\" src=\"https:\/\/trustarc.com\/wp-content\/uploads\/2024\/02\/icon_Data-Lock.svg\" class=\"attachment-full size-full\" alt=\"\" \/>\t\t\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<div class=\"text-holder\">\n\t\t\t\t\t\t\t\t\t\t\t\t\t<p>Individuals with system, information security, privacy, or risk management and oversight responsibilities.<\/p>\n\t\t\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<\/li>\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<li>\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<div class=\"wrap\">\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<div class=\"icon\">\n\t\t\t\t\t\t\t\t\t\t\t\t\t<img decoding=\"async\" src=\"https:\/\/trustarc.com\/wp-content\/uploads\/2024\/02\/icon_Update.svg\" class=\"attachment-full size-full\" alt=\"\" \/>\t\t\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<div class=\"text-holder\">\n\t\t\t\t\t\t\t\t\t\t\t\t\t<p>Individuals with system development responsibilities.<\/p>\n\t\t\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<\/li>\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<li>\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<div 
class=\"wrap\">\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<div class=\"icon\">\n\t\t\t\t\t\t\t\t\t\t\t\t\t<img decoding=\"async\" src=\"https:\/\/trustarc.com\/wp-content\/uploads\/2024\/02\/icon_Hidden.svg\" class=\"attachment-full size-full\" alt=\"\" \/>\t\t\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<div class=\"text-holder\">\n\t\t\t\t\t\t\t\t\t\t\t\t\t<p>Individuals with logistical or disposition-related responsibilities, including program managers, procurement officials, system integrators, and property managers.<\/p>\n\t\t\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<\/li>\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<li>\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<div class=\"wrap\">\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<div class=\"icon\">\n\t\t\t\t\t\t\t\t\t\t\t\t\t<img decoding=\"async\" src=\"https:\/\/trustarc.com\/wp-content\/uploads\/2024\/02\/icon_Personal-Data.svg\" class=\"attachment-full size-full\" alt=\"\" \/>\t\t\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<div class=\"text-holder\">\n\t\t\t\t\t\t\t\t\t\t\t\t\t<p>Individuals with security and privacy implementation and operations responsibilities.<\/p>\n\t\t\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<\/li>\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<li>\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<div class=\"wrap\">\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<div class=\"icon\">\n\t\t\t\t\t\t\t\t\t\t\t\t\t<img decoding=\"async\" src=\"https:\/\/trustarc.com\/wp-content\/uploads\/2024\/02\/icon_Collaborate.svg\" class=\"attachment-full size-full\" alt=\"\" \/>\t\t\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<div class=\"text-holder\">\n\t\t\t\t\t\t\t\t\t\t\t\t\t<p>Individuals with security and privacy assessment and monitoring 
responsibilities.<\/p>\n\t\t\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<\/li>\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<li>\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<div class=\"wrap\">\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<div class=\"icon\">\n\t\t\t\t\t\t\t\t\t\t\t\t\t<img decoding=\"async\" src=\"https:\/\/trustarc.com\/wp-content\/uploads\/2024\/02\/icon_Organization.svg\" class=\"attachment-full size-full\" alt=\"Organization or business entity icon\" \/>\t\t\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<div class=\"text-holder\">\n\t\t\t\t\t\t\t\t\t\t\t\t\t<p>Commercial entities, including industry partners, producing component products and systems, creating security and privacy technologies, or providing services or capabilities that support information security or privacy.<\/p>\n\t\t\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<\/li>\n\t\t\t\t\t\t\t\t\t\t\t\t\t<\/ul>\n\t\t\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\n\n\t\t<section id=\"block_a6b03fc5157b1267b4216baa1592936d\" class=\"columns-one text-left\" style=\"\">\n\t\t\t<div class=\"container\">\n\t\t\t\t\t\t\t\t\t<div class=\"text-holder\">\n\t\t\t\t\t\t<h2>Security and privacy controls under NIST SP 800-53<\/h2>\n<p>The NIST 800-53 framework provides a number of different controls and guidance across multiple security and access control families defined under a baseline of impact. 
The baselines are divided into high impact, medium impact, and low impact.<\/p>\n<p>&nbsp;<\/p>\n<p><strong>The controls in NIST 800-53 cover various aspects of cybersecurity including:<\/strong><\/p>\n<ul>\n<li>Access control: managing access to information systems and data.<\/li>\n<li>Awareness and training: providing awareness and security training to employees, and elevated technical training for more privileged users.<\/li>\n<li>Audit and accountability: auditing and maintaining accountability of system activities.<\/li>\n<li>Configuration management: managing configuration changes to information systems.<\/li>\n<li>Identification and authentication: verifying the identity of users and devices.<\/li>\n<li>Individual participation: obtaining consent and authorizing privacy policies and practices.<\/li>\n<li>Incident response: detecting, responding to, and recovering from cybersecurity incidents.<\/li>\n<li>Maintenance: maintaining information systems and ensuring their integrity.<\/li>\n<li>Media protection: securing and protecting media access, use, storage, and transportation.<\/li>\n<li>Personnel security: screening internal and external personnel, and setting up termination and transfer security policies.<\/li>\n<li>Physical and environmental protection: securing physical access to information systems.<\/li>\n<li>Planning: having strategies in place for comprehensive security architecture (such as defense in depth and third-party vendor security).<\/li>\n<li>Program management: having defined strategies for risk management, insider threats, and scaling architecture.<\/li>\n<li>Risk assessment: scanning for vulnerabilities and conducting ongoing privacy impact and risk assessments.<\/li>\n<li>Security assessment and authorization: penetration testing and monitoring connections to public networks and external systems.<\/li>\n<li>System and services acquisition: implementing security across the system development lifecycle, new vendor contracts, and 
acquisitions.<\/li>\n<li>System and communications protection: partitioning applications, implementing cryptographic key management, and securing passwords and other sensitive data.<\/li>\n<li>System and information integrity: implementing system monitoring, alerting systems, and flaw remediation processes.<\/li>\n<\/ul>\n\t\t\t\t\t<\/div>\n\t\t\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\n\n\t\t<section id=\"block_d7521fdaf40ff8a64e6e21367542b70a\" class=\"spacer\" style=\"height:100px;\">&nbsp;<\/section>\n\t\t\n\n\t\t<section id=\"block_7e4d6e4b073d806f1dde81a6f02abbe1\" class=\"cta-section has-gradient-purple color-white\">\n\t\t\t<div class=\"bg\">\n\t\t\t\t<img decoding=\"async\" src=\"https:\/\/trustarc.com\/wp-content\/uploads\/2024\/02\/bg-cta-rectangles-purple.png\" class=\"attachment-full size-full\" alt=\"\" srcset=\"https:\/\/trustarc.com\/wp-content\/uploads\/2024\/02\/bg-cta-rectangles-purple.png 1440w, https:\/\/trustarc.com\/wp-content\/uploads\/2024\/02\/bg-cta-rectangles-purple-300x102.png 300w, https:\/\/trustarc.com\/wp-content\/uploads\/2024\/02\/bg-cta-rectangles-purple-1024x347.png 1024w, https:\/\/trustarc.com\/wp-content\/uploads\/2024\/02\/bg-cta-rectangles-purple-768x260.png 768w\" sizes=\"(max-width: 1440px) 100vw, 1440px\" \/>\t\t\t<\/div>\n\t\t\t<div class=\"container\">\n\t\t\t\t<div class=\"text-block\">\n\t\t\t\t\t\t\t\t\t\t\t<span class=\"block h6\">Webinar<\/span>\n\t\t\t\t\t\t\t\t\t\t\t\t<h2 class=\"h1\">Mitigating Third-Party Risk: Best Practices for CISOs<\/h2>\n\t\t\t\t\t\t<p>Join us for an insightful and informative webinar as we delve into mitigating third-party risks. 
This webinar will provide essential strategies and best practices to ensure robust security and privacy measures when collaborating with external entities.<\/p>\n\t\t\t\t\t\t<ul class=\"btn-list\">\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<li>\n\t\t\t\t\t\t\t\t\t<a href=\"\/resource\/webinar-mitigating-third-party-risk-best-practices-for-cisos\/\" class=\"btn\"><span>Watch now<\/span><\/a>\t\t\t\t\t\t\t\t<\/li>\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t<\/ul>\n\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t<\/div>\n\t\t<\/section>\n\t\t\n\n\t\t<section id=\"block_83df355043c46fce8589bca30f1deb72\" class=\"features-section\">\n\t\t\t<div class=\"container\">\n\t\t\t\t\t\t\t\t\t<div class=\"max-width text-center\">\n\t\t\t\t\t\t\t\t\t\t\t\t\t<h2>Achieve compliance<\/h2>\n\t\t\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t\t\t\t\t\t\t<div class=\"feature-w-images\">\n\t\t\t\t\t\t<ul class=\"list-w-links\">\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<li>\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<a href=\"\/products\/privacy-data-governance\/privacycentral\/\">\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<div class=\"text-holder\">\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<span class=\"h6 block\">Privacy program development and compliance management<\/span>\n\t\t\t\t\t\t\t\t\t\t\t\t\tIdentify gaps and track compliance with PrivacyCentral &#8211; assess NIST SP 800-53 specifics and get automatic guidance on building out a sustainable privacy program.\t\t\t\t\t\t\t\t\t\t\t\t\t<span class=\"arrow\">\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t<img decoding=\"async\" src=\"https:\/\/trustarc.com\/wp-content\/themes\/trustarc\/assets\/dist\/images\/icon-arrow.svg\" alt=\"\" \/>\n\t\t\t\t\t\t\t\t\t\t\t\t\t<\/span>\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<\/a>\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<\/li>\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<li>\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<a 
href=\"\/products\/privacy-data-governance\/nymity-research\/\">\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<div class=\"text-holder\">\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<span class=\"h6 block\">Regulatory and standards guidance<\/span>\n\t\t\t\t\t\t\t\t\t\t\t\t\tStay ahead of regulatory and standard changes with expert guidance, ensuring your security and privacy practices remain compliant and up to date. \t\t\t\t\t\t\t\t\t\t\t\t\t<span class=\"arrow\">\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t<img decoding=\"async\" src=\"https:\/\/trustarc.com\/wp-content\/themes\/trustarc\/assets\/dist\/images\/icon-arrow.svg\" alt=\"\" \/>\n\t\t\t\t\t\t\t\t\t\t\t\t\t<\/span>\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<\/a>\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<\/li>\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<\/ul>\n\t\t\t\t\t\t<div class=\"img-area\">\n\t\t\t\t\t\t\t<img decoding=\"async\" src=\"https:\/\/trustarc.com\/wp-content\/uploads\/2024\/03\/img-regulations-generic.png\" class=\"attachment-full size-full\" alt=\"\" srcset=\"https:\/\/trustarc.com\/wp-content\/uploads\/2024\/03\/img-regulations-generic.png 644w, https:\/\/trustarc.com\/wp-content\/uploads\/2024\/03\/img-regulations-generic-300x220.png 300w\" sizes=\"(max-width: 644px) 100vw, 644px\" \/>\t\t\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\n\n\t\t<section id=\"block_a4e2fb42603a4a140fbcf53c2e1651e3\" class=\"accordions-section\" style=\"\">\n\t\t\t<div class=\"container\">\n\t\t\t\t<div class=\"max-width\">\n\t\t\t\t\t\t\t\t\t\t  <h2>FAQs<\/h2>\n\t\t\t\t\t\t\t\t\t\t\t<ul class=\"accordion\">\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<li>\n\t\t\t\t\t\t\t\t\t<a href=\"#\" class=\"opener\">What data does NIST SP 800-53 protect?<\/a>\n\t\t\t\t\t\t\t\t\t<div class=\"slide\">\n\t\t\t\t\t\t\t\t\t\t<div class=\"slide-wrap\">\n\t\t\t\t\t\t\t\t\t\t\t<p>NIST SP 800-53 safeguards information systems against diverse threats, such as 
cybersecurity incidents, privacy breaches, and malicious attacks.<\/p>\n\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t\t\t\t\t<\/li>\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<li>\n\t\t\t\t\t\t\t\t\t<a href=\"#\" class=\"opener\">What does NIST SP 800-53 cover?<\/a>\n\t\t\t\t\t\t\t\t\t<div class=\"slide\">\n\t\t\t\t\t\t\t\t\t\t<div class=\"slide-wrap\">\n\t\t\t\t\t\t\t\t\t\t\t<p>NIST 800-53 is a set of guidelines that outlines the controls required to develop secure and resilient federal information systems. These controls comprise operational, technical, and management standards that are vital for maintaining information systems\u2019 confidentiality, integrity, and availability.<\/p>\n\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t\t\t\t\t<\/li>\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<li>\n\t\t\t\t\t\t\t\t\t<a href=\"#\" class=\"opener\">How can NIST SP 800-53 bridge the gap between stakeholders?<\/a>\n\t\t\t\t\t\t\t\t\t<div class=\"slide\">\n\t\t\t\t\t\t\t\t\t\t<div class=\"slide-wrap\">\n\t\t\t\t\t\t\t\t\t\t\t<p>NIST SP 800-53 takes a risk-based approach, which executives can relate to. This approach fosters better communication and decision-making throughout your organization, with security budgets better justified and allocated. Adopting this framework develops a common language for business and technical stakeholders, facilitating improved communication from practitioners to the Board and CEO.<\/p>\n\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t\t\t\t\t<\/li>\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<li>\n\t\t\t\t\t\t\t\t\t<a href=\"#\" class=\"opener\">What is the role of NIST SP 800-53 in compliance and regulation? <\/a>\n\t\t\t\t\t\t\t\t\t<div class=\"slide\">\n\t\t\t\t\t\t\t\t\t\t<div class=\"slide-wrap\">\n\t\t\t\t\t\t\t\t\t\t\t<p>NIST SP 800-53 plays a crucial role in compliance and regulation within various sectors, including government agencies and industries handling sensitive information. 
Its role includes establishing standards and a compliance framework and providing a basis for assessing an organization&#8217;s cybersecurity posture during audits and compliance reviews.<\/p>\n\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t\t\t\t\t<\/li>\n\t\t\t\t\t\t\t\t\t\t\t\t\t<\/ul>\n\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t<\/div>\n\t\t<\/section>\n\t\t\n\n\t\t<section id=\"block_c887b0e0cb3383cd8379fd4af6287205\" class=\"resource-section bg-light-grey\">\n\t\t\t<div class=\"container\">\n\t\t\t<div class=\"resource-head\">\n\t\t\t\t\t\t\t<h2>Related resources<\/h2>\n\t\t\t\t<a href=\"\/resources\/\" class=\"cta block\">View all resources<\/a>\t\t<\/div>\n\t\t\t\t\t\t<ul class=\"resource-lists \">\n\t\t\t\t\t\t\t<li>\n\t\t\t\t\t<a href=\"https:\/\/trustarc.com\/resource\/data-protection-responsible-generative-ai-use\/\" class=\"resource-single\">\n\t\t\t\t\t\t\t\t\t\t\t\t\t<div class=\"img-holder\">\n\t\t\t\t\t\t\t\t<img loading=\"lazy\" decoding=\"async\" width=\"380\" height=\"120\" src=\"https:\/\/trustarc.com\/wp-content\/uploads\/2024\/02\/res-feat-rect-purple-380x120.png\" class=\"attachment-380x120 size-380x120 wp-post-image\" alt=\"\" \/>\t\t\t\t\t\t\t<\/div>\n\t\t\t\t\t\t\t\t\t\t\t\t<div class=\"text-holder\">\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<span class=\"resource-label uppercase\">Articles<\/span>\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<h4>Data Protection and Responsible Generative AI Use: A Comprehensive Guide<\/h4>\n\t\t\t\t\t\t<\/div>\n\t\t\t\t\t<\/a>\n\t\t\t\t<\/li>\n\t\t\t\t\t\t\t\t<li>\n\t\t\t\t\t<a href=\"https:\/\/trustarc.com\/resource\/the-business-case-for-data-minimization\/\" class=\"resource-single\">\n\t\t\t\t\t\t\t\t\t\t\t\t\t<div class=\"img-holder\">\n\t\t\t\t\t\t\t\t<img loading=\"lazy\" decoding=\"async\" width=\"380\" height=\"120\" src=\"https:\/\/trustarc.com\/wp-content\/uploads\/2024\/01\/res-feat-city-blue-test-380x120.png\" class=\"attachment-380x120 size-380x120 wp-post-image\" alt=\"\" 
\/>\t\t\t\t\t\t\t<\/div>\n\t\t\t\t\t\t\t\t\t\t\t\t<div class=\"text-holder\">\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<span class=\"resource-label uppercase\">Articles<\/span>\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<h4>The Business Case for Data Minimization<\/h4>\n\t\t\t\t\t\t<\/div>\n\t\t\t\t\t<\/a>\n\t\t\t\t<\/li>\n\t\t\t\t\t\t\t\t<li>\n\t\t\t\t\t<a href=\"https:\/\/trustarc.com\/resource\/webinar-managing-online-tracking-technology-vendors-a-checklist-for-compliance\/\" class=\"resource-single has-icon Webinars\">\n\t\t\t\t\t\t\t\t\t\t\t\t\t<div class=\"img-holder\">\n\t\t\t\t\t\t\t\t<img loading=\"lazy\" decoding=\"async\" width=\"380\" height=\"120\" src=\"https:\/\/trustarc.com\/wp-content\/uploads\/2024\/02\/res-feat-plus-pink-380x120.png\" class=\"attachment-380x120 size-380x120 wp-post-image\" alt=\"\" \/>\t\t\t\t\t\t\t<\/div>\n\t\t\t\t\t\t\t\t\t\t\t\t<div class=\"text-holder\">\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<span class=\"resource-label uppercase\">Webinars and Videos<\/span>\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<h4>Managing Online Tracking Technology Vendors: A Checklist for Compliance<\/h4>\n\t\t\t\t\t\t<\/div>\n\t\t\t\t\t<\/a>\n\t\t\t\t<\/li>\n\t\t\t\t\t\t<\/ul>\n\t\t\t\t\t<\/div>\t\t<\/section>\n\t\t\n\n\t\t<section id=\"block_299adae795b9a24f318af2bafa413240\" class=\"columns-one text-center bg-light-grey\" style=\"padding-top:0;padding-bottom:0;overflow:hidden;\">\n\t\t\t<div class=\"container\">\n\t\t\t\t\t\t\t\t\t<div class=\"text-holder\">\n\t\t\t\t\t\t<p style=\"font-size:80%\"><strong>The information provided does not, and is not intended to, constitute legal advice.<\/strong> Instead, all information, content, and materials presented are for general informational purposes only.<\/p>\n\t\t\t\t\t<\/div>\n\t\t\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t","protected":false},"excerpt":{"rendered":"<p>Security and privacy controls to meet Federal Information Security Management Act (FISMA) 
requirements<\/p>\n","protected":false},"template":"","regulation":[97],"topic-regulation":[84,89,87],"class_list":["post-3394","regulations","type-regulations","status-publish","hentry","regulation-international","topic-regulation-privacy","topic-regulation-security","topic-regulation-standard"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO Premium plugin v27.4 (Yoast SEO v27.4) - https:\/\/yoast.com\/product\/yoast-seo-premium-wordpress\/ -->\n<title>The National Institute of Standards and Technology (NIST) SP 800-53 | TrustArc<\/title>\n<meta name=\"description\" content=\"Understand the compliance requirements outlined in NIST Special Publication 800-53 for cybersecurity and privacy. Meet requirements quickly with TrustArc.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/trustarc.com\/regulations\/nist-sp-800-53\/\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/trustarc.com\\\/regulations\\\/nist-sp-800-53\\\/\",\"url\":\"https:\\\/\\\/trustarc.com\\\/regulations\\\/nist-sp-800-53\\\/\",\"name\":\"The National Institute of Standards and Technology (NIST) SP 800-53 | TrustArc\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/trustarc.com\\\/#website\"},\"datePublished\":\"2024-03-08T22:45:20+00:00\",\"dateModified\":\"2024-03-21T15:38:53+00:00\",\"description\":\"Understand the compliance requirements outlined in NIST Special Publication 800-53 for cybersecurity and privacy. 
Meet requirements quickly with TrustArc.\",\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/trustarc.com\\\/regulations\\\/nist-sp-800-53\\\/\"]}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/trustarc.com\\\/#website\",\"url\":\"https:\\\/\\\/trustarc.com\\\/\",\"name\":\"TrustArc\",\"description\":\"\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/trustarc.com\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"}]}<\/script>\n<!-- \/ Yoast SEO Premium plugin. -->","yoast_head_json":{"title":"The National Institute of Standards and Technology (NIST) SP 800-53 | TrustArc","description":"Understand the compliance requirements outlined in NIST Special Publication 800-53 for cybersecurity and privacy. Meet requirements quickly with TrustArc.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/trustarc.com\/regulations\/nist-sp-800-53\/","schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/trustarc.com\/regulations\/nist-sp-800-53\/","url":"https:\/\/trustarc.com\/regulations\/nist-sp-800-53\/","name":"The National Institute of Standards and Technology (NIST) SP 800-53 | TrustArc","isPartOf":{"@id":"https:\/\/trustarc.com\/#website"},"datePublished":"2024-03-08T22:45:20+00:00","dateModified":"2024-03-21T15:38:53+00:00","description":"Understand the compliance requirements outlined in NIST Special Publication 800-53 for cybersecurity and privacy. 
Meet requirements quickly with TrustArc.","inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/trustarc.com\/regulations\/nist-sp-800-53\/"]}]},{"@type":"WebSite","@id":"https:\/\/trustarc.com\/#website","url":"https:\/\/trustarc.com\/","name":"TrustArc","description":"","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/trustarc.com\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"}]}},"_links":{"self":[{"href":"https:\/\/trustarc.com\/wp-json\/wp\/v2\/regulations\/3394","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/trustarc.com\/wp-json\/wp\/v2\/regulations"}],"about":[{"href":"https:\/\/trustarc.com\/wp-json\/wp\/v2\/types\/regulations"}],"wp:attachment":[{"href":"https:\/\/trustarc.com\/wp-json\/wp\/v2\/media?parent=3394"}],"wp:term":[{"taxonomy":"regulation","embeddable":true,"href":"https:\/\/trustarc.com\/wp-json\/wp\/v2\/regulation?post=3394"},{"taxonomy":"topic-regulation","embeddable":true,"href":"https:\/\/trustarc.com\/wp-json\/wp\/v2\/topic-regulation?post=3394"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}