NIST Special Publication (SP) 800-53 rev 3 organizes controls into three primary classes: management, technical, and operational, as illustrated in Figure 9-4. Within each of these classes, NIST SP 800-53 further lists 18 different families of controls. Any of the controls can be preventive, detective, and/or corrective, and many are a combination of these different types.
Figure 9-4 Control classes: management, technical, and operational
Thousands of Controls
NIST SP 800-53 rev 3 (Recommended Security Controls for Federal Information Systems and Organizations) provides extensive coverage of controls. It includes ...