NIST SP 800-53 is a risk management framework that provides a standard of security and privacy controls for information systems and organizations to protect organizational operations, assets, and individuals from a diverse set of threats such as hostile attacks, human errors, natural disasters, structural failures, and privacy risks. NIST SP 800-53 breaks these guidelines up into 3 minimum security controls spread across 18 different control families. NIST SP 800-53 provides the baseline for CSF, FedRAMP, DISA, HIPAA, and FINRA regulatory frameworks, among others.
The c1 Policy to Control Mapper application uses control families to help compliance teams easily align controls to related policies. Each policy is labeled with its control family, and that label is then used to align the policy to the specific controls correlated to that family.