NIST Special Publication 800-53 is a mainstay of security risk management controls and control categories. It is best viewed as a security control meta-standard, because it is intended to be tailored for each organization based on a comprehensive set of system definition and risk modeling exercises.
While statically defined, the controls themselves are comprehensive and well thought-out. The continuous and iterative steps of the RMF are depicted as following:
The RMF process makes use of 800-53 security controls, but takes a step back and calls for a series of continuous risk management activities ...