STIGhubSTIGhub
STIGsRMF ControlsCompare
STIGhub— A free STIG search and compliance tool·STIGs updated 3 days ago
Powered by Pylon·Privacy·Terms·© 2026 Beacon Cloud Solutions, Inc.

NIST 800-53 Controls

Rev 5Rev 4

Browse 862 security and privacy controls across 26 families. (filtered to Low, Moderate, Privacy, No Baseline baselines)

Each control is linked to DISA CCI identifiers and STIG checks. Search for fast lookup by control ID or CCI. Switch to Rev 5 for the latest controls.

Control FamiliesAll Controls862
AC Access Control112AP Authority and Purpose2AR Accountability, Audit, and Risk Management8AT Awareness and Training10AU Audit and Accountability58CA Assessment, Authorization, and Monitoring22CM Configuration Management50CP Contingency Planning48DI Data Quality and Integrity5DM Data Minimization and Retention6IA Identification and Authentication56IP Individual Participation and Redress6IR Incident Response34MA Maintenance26MP Media Protection22PE Physical and Environmental Protection50PL Planning10PM Program Management16PS Personnel Security15RA Risk Assessment13SA System and Services Acquisition86SC System and Communications Protection116SE Security2SI System and Information Integrity82TR Transparency5UL Use Limitation2

SA — System and Services Acquisition

20 base controls

SA-1System and Services Acquisition Policy and Procedures
21 CCIs
SA-2Allocation of Resources
11 CCIs
SA-3System Development Life Cycle
16 CCIs
SA-4Acquisition Process
21 CCIs
SA-5Information System Documentation
24 CCIs
SA-8Security Engineering Principles
10 CCIs
SA-9External Information System Services
15 CCIs
SA-10Developer Configuration Management
33 CCIs
SA-11Developer Security Testing and Evaluation
21 CCIs
SA-12Supply Chain Protection
2 CCIs
SA-13Trustworthiness
6 CCIs
SA-14Criticality Analysis
7 CCIs
SA-15Development Process, Standards, and Tools
21 CCIs
SA-16Developer-provided Training
4 CCIs
SA-17Developer Security Architecture and Design
10 CCIs
SA-18System and Services Acquisition
1 CCIs
SA-19System and Services Acquisition
11 CCIs
SA-20Customized Development of Critical Components
2 CCIs
SA-21Developer Screening
5 CCIs
SA-22Unsupported System Components
5 CCIs