STIGs RMF Controls Compare

STIGhub— A free STIG search and compliance tool·STIGs updated 3 days ago

Powered by Pylon·Privacy·Terms·© 2026 Beacon Cloud Solutions, Inc.

NIST 800-53 Controls

Baselines:All Low Moderate High Privacy No Baseline

Browse 425 security and privacy controls across 20 families. (filtered to High, Low, Privacy baselines)

Each control is linked to DISA CCI identifiers and STIG checks. Search for fast lookup by control ID or CCI.

Control Families

All Controls425

AC Access Control47 AT Awareness and Training7 AU Audit and Accountability26 CA Assessment, Authorization, and Monitoring14 CM Configuration Management32 CP Contingency Planning35 IA Identification and Authentication26 IR Incident Response20 MA Maintenance12 MP Media Protection10 PE Physical and Environmental Protection26 PL Planning8 PM Program Management24 PS Personnel Security10 PT PII Processing and Transparency13 RA Risk Assessment12 SA System and Services Acquisition22 SC System and Communications Protection33 SI System and Information Integrity34 SR Supply Chain Risk Management14

PM — Program Management

22 base controls

PM-3Information Security and Privacy Resources

8 CCIs

PM-4Plan of Action and Milestones Process

14 CCIs

PM-6Measures of Performance

6 CCIs

PM-7Enterprise Architecture

4 CCIs

PM-8Critical Infrastructure Plan

4 CCIs

PM-9Risk Management Strategy

5 CCIs

PM-10Authorization Process

7 CCIs

PM-11Mission and Business Process Definition

6 CCIs

PM-13Security and Privacy Workforce

2 CCIs

PM-14Testing, Training, and Monitoring

21 CCIs

PM-17Protecting Controlled Unclassified Information on External Systems

6 CCIs

PM-18Privacy Program Plan

18 CCIs

PM-19Privacy Program Leadership Role

4 CCIs

PM-20Dissemination of Privacy Program Information

5 CCIs

PM-21Accounting of Disclosures

8 CCIs

PM-22Personally Identifiable Information Quality Management

8 CCIs

PM-24Data Integrity Board

2 CCIs

PM-25Minimization of Personally Identifiable Information Used in Testing, Training, and Research

10 CCIs

PM-26Complaint Management

11 CCIs

PM-27Privacy Reporting

8 CCIs

PM-28Risk Framing

8 CCIs

PM-31Continuous Monitoring Strategy

23 CCIs