NIST SP 800-53 Controls

What is NIST SP 800-53?

NIST Special Publication 800-53, "Security and Privacy Controls for Federal Information Systems and Organizations," provides a catalog of security controls for all U.S. federal information systems except those related to national security. 

More information on SP 800-53 is located on Wikipedia here.

The National Vulnerability Database also provides an excellent way to review the NIST SP 800-53 controls. 

I'm confused. I'm a DoD contractor. Do I need to be compliant with NIST SP 800-53 because of DFARS 252.204-7012?

Not really. This is a common misunderstanding that stems from the history of that DFARS regulation. Initially, the DFARS 252.204-7012 regulation related to these two Special Publications specified a subset of SP 800-53 controls that DoD government contractors were required to comply with. Contractors were never required to meet all of the 800-53 controls. However, because 800-53 was intended for federal systems and was never designed to have individual controls selectively 'cherry picked' from it, NIST created the new Special Publication 800-171, specific to that DFARS requirement, for defense contractors to follow.

Click here if you are a Government Contractor seeking CDI (NIST SP 800-171) Compliance.

In layman's terms, you can think of SP 800-171 as "800-53 Lite".