🤖 Ready for Sovereignty 2026: Australian Insights Report. Get your copy
MarketplacePrivacyNIST SP 800-53 Rev. 5.2
PrivacyControl set

NIST SP 800-53 Rev. 5.2

Security and Privacy Controls for Information Systems and Organizations

NIST Special Publication 800-53 Rev. 5 provides a comprehensive catalog of security and privacy controls designed to safeguard organizational operations, assets, and individuals from a broad spectrum of risks including cyberattacks, human mistakes, and natural disasters. It is widely used for implementing security measures as part of risk management frameworks.

Book your strategy callView source ↗

Overview

NIST SP 800-53 Rev. 5 delivers a consolidated and flexible set of security and privacy controls aimed at protecting information systems and organizations against threats such as hostile attacks, structural failures, and foreign intelligence activities. This publication is a crucial resource for federal agencies and other organizations that need to comply with various security requirements derived from laws, regulations, and policies. Notable updates in Rev. 5 include integration and expansion of privacy controls, increased emphasis on trustworthiness and assurance, and mappings to other frameworks like the NIST Cybersecurity Framework and ISO/IEC 27001:2022. It targets both functionality and confidence in security and privacy capabilities to ensure trustworthy systems.

Related in Privacy

PrivacyLaw

PRIS Act — Privacy and Responsible Information Sharing Act 2024

The Privacy and Responsible Information Sharing Act 2024 (PRIS Act) establishes a privacy framework for the Western Australian public sector. It introduces Information Privacy Principles (IPPs) and provisions for privacy complaints, privacy impact assessments, and a notifiable information breach scheme.

Government of Western Australia • Western Australia

View details
PrivacyRegulation

India - (DPDP) Rules — India - Digital Personal Data Protection (DPDP) Rules

The Digital Personal Data Protection Rules, 2025 operationalize India’s Digital Personal Data Protection Act, 2023 by establishing detailed requirements for the collection, processing, storage, and protection of digital personal data. The Rules define obligations for organizations handling personal data, including consent management, breach notifications, data retention, and protections for children and vulnerable individuals. They also establish governance mechanisms such as the Data Protection Board and provide a phased implementation timeline for compliance.

Government of India • India • v2025

View details
PrivacyLaw

India - PDPD Act — India - Digital Personal Data Protection (PDPD) Act (Act No. 22 of 2023)

The Digital Personal Data Protection Act, 2023 (Act No. 22 of 2023) establishes India’s legal framework for processing digital personal data while balancing individuals’ privacy rights with lawful data use. The Act defines obligations for organizations handling personal data, grants rights and duties to individuals, and introduces requirements for consent, data protection, and breach accountability. It also establishes the Data Protection Board of India to oversee compliance, adjudication, and enforcement of penalties for violations.

Government of India • India • v2023

View details
PrivacyLaw

Privacy Act

The Privacy Act of Canada governs the collection, use, retention, and disclosure of personal information by federal government institutions. It ensures that individuals have the right to access and correct their personal information held by the government.

Government of Canada • Canada

View details

Ready to manage these frameworks?

6clicks maps regulations to controls, evidence and risks — automatically.

Book your strategy call