[3] The security rules cover 20 areas including access control, incident response, business continuity, and disaster recovery.
[1] NIST Special Publication 800-53 was initially released in February 2005 as "Recommended Security Controls for Federal Information Systems."[5]
NIST Special Publication 800-53 Revision 1 was initially released in December 2006 as "Recommended Security Controls for Federal Information Systems."
NIST Special Publication 800-53 Revision 2 was initially released in December 2007 as "Recommended Security Controls for Federal Information Systems."
The revised security control catalog also includes state-of-the-practice safeguards and countermeasures to address advanced cyber threats and exploits.
Significant changes in this revision of the document include
As part of the ongoing cyber security partnership among the United States Department of Defense, the intelligence community, and the federal civil agencies, NIST has launched its biennial update to Special Publication 800-53, "Security and Privacy Controls for Federal Information Systems and Organizations," with an initial public draft released on February 28, 2012.
[9] Per the NIST Computer Security Resource Center (CSRC),[10] major changes to the publication include:
As of September 2019, Revision 5 was delayed due to a potential disagreement among the Office of Information and Regulatory Affairs (OIRA) and other U.S.
[4] These assessment guidelines are designed to enable periodic testing and are used by federal agencies to determine what security controls are necessary to protect organizational operations and assets, individuals, other organizations, and the nation.
The baselines establish default controls based on FISMA rates (Privacy, Low, Moderate, and High) and can be easily tailored to organizational risk management processes.