The National Institute of Standards and Technology (NIST) has issued Revision 5 of its catalog of security and privacy controls for information systems (SP 800-53).
The purpose of NIST’s publication is to protect organizational operations from a diverse set of threats and risks.
The catalog addresses security and privacy from a functionality perspective (i.e., the strength of functions and mechanisms provided by the controls) and from an assurance perspective (i.e., the measure of confidence in the security or privacy capability provided by the controls). Addressing functionality and assurance helps to ensure that information technology products and the systems that rely on those products are sufficiently trustworthy.
The use of these controls is mandatory for federal information systems in accordance with Office of Management and Budget (OMB) Circular A-130 and the provisions of the Federal Information Security Modernization Act (FISMA), which requires the implementation of minimum controls to protect federal information and information systems.
The latest publication and supplemental materials can be downloaded from: https://csrc.nist.gov/publications/detail/sp/800-53/rev-5/final.