FISMA NIST 800-53 Rev. 4 Controls – By the Numbers


Have you ever been in a FISMA discussion or meeting where someone asked how many NIST 800-53 controls they actually needed to meet, and no one seemed to have the exact answer? To make it easy for you, we prepared the two tables below, which give the total controls and control enhancements in the Rev. 4 low, moderate and high baselines (the Appendix D baseline allocations, before any tailoring). Keep in mind that these are Rev. 4 figures; Revision 5 moved the baselines into SP 800-53B, and the counts differ there. If you have any questions about how these apply to your system, come to our web site and request a free one-hour phone consultation, and we can discuss the most cost-effective ways your organization can satisfy these controls.

NIST 800-53 Revision 4 Control Tally

(excluding PM and Privacy)

                                            Low              Moderate         High
Control family                              Controls  Enh.   Controls  Enh.   Controls  Enh.
AC  Access Control                                11     0         17    18         18    25
AT  Awareness and Training                         4     0          4     1          4     1
AU  Audit and Accountability                      10     0         11     7         12    16
CA  Security Assessment and Authorization          7     0          7     3          8     4
CM  Configuration Management                       8     0         11    10         11    20
CP  Contingency Planning                           6     0          9    13          9    26
IA  Identification and Authentication              7     8          8    14          8    16
IR  Incident Response                              7     0          8     4          8     8
MA  Maintenance                                    4     0          6     3          6     7
MP  Media Protection                               4     0          7     2          7     5
PE  Physical and Environmental Protection         10     0         16     2         17     9
PL  Planning                                       3     0          4     2          4     2
PS  Personnel Security                             8     0          8     0          8     1
RA  Risk Assessment                                4     0          4     3          4     4
SA  System and Services Acquisition                6     1          9     5         13     5
SC  System and Communications Protection          10     0         19     5         21     9
SI  System and Information Integrity               6     0         11    10         12    15
Totals                                           115     9        159   102        170   173

Adding controls and enhancements together gives the figures most people quote for Rev. 4: 124 for low, 261 for moderate and 343 for high.

NIST 800-53 Revision 4 Control Tally

(including PM and Privacy)

                                            Low              Moderate         High
Control family                              Controls  Enh.   Controls  Enh.   Controls  Enh.
AC  Access Control                                11     0         17    18         18    25
AT  Awareness and Training                         4     0          4     1          4     1
AU  Audit and Accountability                      10     0         11     7         12    16
CA  Security Assessment and Authorization          7     0          7     3          8     4
CM  Configuration Management                       8     0         11    10         11    20
CP  Contingency Planning                           6     0          9    13          9    26
IA  Identification and Authentication              7     8          8    14          8    16
IR  Incident Response                              7     0          8     4          8     8
MA  Maintenance                                    4     0          6     3          6     7
MP  Media Protection                               4     0          7     2          7     5
PE  Physical and Environmental Protection         10     0         16     2         17     9
PL  Planning                                       3     0          4     2          4     2
PS  Personnel Security                             8     0          8     0          8     1
RA  Risk Assessment                                4     0          4     3          4     4
SA  System and Services Acquisition                6     1          9     5         13     5
SC  System and Communications Protection          10     0         19     5         21     9
SI  System and Information Integrity               6     0         11    10         12    15
PM  Program Management                            16     0         16     0         16     0
    Privacy (Appendix J)                          26     0         26     0         26     0
Totals                                           157     9        201   102        212   173

The PM family and the Appendix J privacy controls are not allocated to an impact baseline; they apply at the organization level regardless of the system's categorization, which is why their counts are the same in every column.