NIST 800-53

compliance

Comprehensive catalog of security and privacy controls published by the National Institute of Standards and Technology.

What is NIST 800-53?

NIST Special Publication 800-53 provides a catalog of security and privacy controls for federal information systems. It organizes controls into families (Access Control, Audit and Accountability, Identification and Authentication, etc.) with control enhancements for higher security needs. Revision 5 added privacy controls and updated the catalog for modern threats.

In Microsoft 365

NIST 800-53 controls map to Azure AD and Microsoft 365 security features. The IA (Identification and Authentication) family maps to MFA and authentication policies, AC (Access Control) to Conditional Access, and AU (Audit and Accountability) to logging capabilities. FedRAMP uses NIST 800-53 as its control baseline.

Examples

  • 1IA-2(1) Multi-Factor Authentication
  • 2AC-2(7) Role-Based Schemes
  • 3AU-2 Audit Events

Related TrueConfig Controls

These controls help implement and verify nist 800-53 in your Microsoft 365 environment.

ID-01User MFA RegistrationPA-01Limit Global Administrators to 2-4PA-04Require PIM for All Privileged RolesLOG-01Enable Unified Audit LoggingLOG-02Export Logs to Long-Term Storage

Frequently Asked Questions

What is NIST 800-53?
Comprehensive catalog of security and privacy controls published by the National Institute of Standards and Technology.
How does NIST 800-53 work in Microsoft 365?
NIST 800-53 controls map to Azure AD and Microsoft 365 security features. The IA (Identification and Authentication) family maps to MFA and authentication policies, AC (Access Control) to Conditional Access, and AU (Audit and Accountability) to logging capabilities. FedRAMP uses NIST 800-53 as its control baseline.
What are examples of NIST 800-53?
Examples of NIST 800-53 include: IA-2(1) Multi-Factor Authentication, AC-2(7) Role-Based Schemes, AU-2 Audit Events.
Which TrueConfig controls relate to NIST 800-53?
TrueConfig controls related to NIST 800-53 include: ID-01, PA-01, PA-04, LOG-01, LOG-02. These controls help implement and verify nist 800-53 in your environment.

Related Terms

FedRAMP

US government program providing standardized security assessment for cloud services used by federal agencies.

← Back to GlossaryBrowse Controls →