NIST SP 800-53 provides a catalog of security and privacy controls for federal information systems. Organized into control families: AC (Access Control), IA (Identification and Authentication), SI (System Integrity).
Required for US federal agencies (FISMA). Widely adopted by non-federal organizations. Control baselines: Low, Moderate, High impact levels. Maps to NIST CSF functions. 800-53B provides control baselines. 800-171 covers CUI in non-federal systems.