

NIST 800-53: Introduction to Security and Privacy Controls

via Cybrary


In this course, we will learn how 800-53 fits into the Risk Management Framework (RMF) since the knowledge is fundamental to understanding the importance of the security controls. After studying the steps in RMF, students will discover the history of the 800-53 document based on the revisions to the original.

Understanding the history is essential since cybersecurity professionals may work at an organization that has not adopted the latest revision. After gaining the foundational knowledge of 800-53, students will delve into the components and structure of the security controls. The structure includes the control families and the reason NIST organized the controls to meet FIPS 200 guidance. After learning about the control family organization, we will discuss the differences between system, hybrid, and common controls, since this hierarchical implementation of security delineates the boundaries of responsibility within an organization. With an understanding of the families, organization, and types of security controls, students are ready to learn about the internal structure of the 800-53 controls. Finally, we will learn about how cybersecurity professionals will encounter security controls in practice, such as in System Security Plans (SSP), Plans of Action & Milestones (POA&M), risk assessments, or reports from automated security tools.


Individuals who wish to take this course should have a basic understanding of the NIST Risk Management Framework (RMF), how to categorize a system (FIPS 199), some understanding of basic security principles (NIST 800-12), and an understanding of the components of Confidentiality, Integrity, & Availability. These principles are not hard requirements and will be reviewed during the course. The target audience for the course is anyone in the cybersecurity field who interacts with or needs to understand NIST 800-53 controls.

Course Goals

By the end of this course, students should be able to:

  • List the 800-53 control families
  • Describe where 800-53 belongs in the RMF process
  • Explain the need for a common risk framework
  • Demonstrate the selection of a baseline
  • Contrast 800-53 revisions
  • Differentiate the components of an 800-53 control
  • Interpret common, hybrid, & system controls
  • Select the applicable 800-53 controls for a system


  • Getting to Know 800-53
    • Course Overview
    • 800-53 Introduction
    • Risk Management Framework
    • How NIST Explains 800-53
    • 800-53 Revision 4
    • To Rev 5 & Beyond
    • Module 1 Summary
  • Understanding 800-53 Controls
    • Module 2 Overview
    • Control Families
    • Anatomy of a Control
    • Control Selection
    • Common, System and Hybrid Controls
    • Organization Defined Variables
    • System Security Plan
    • Control Assessment
    • POA&M
  • Conclusion
    • Course Wrap Up
  • Course Assessment
    • Course Assessment - NIST 800-53

Taught by

Philip Kulp


