Families

"Security controls described in this publication have a well-defined organization and structure. For ease of use in the security control selection and specification process, controls are organized into eighteen families. Each family contains security controls related to the general security topic of the family. A two-character identifier uniquely identifies security control families, for example, PS (Personnel Security). Security controls may involve aspects of policy, oversight, supervision, manual processes, actions by individuals, or automated mechanisms implemented by information systems/devices."

NIST SP 800-53, Rev 5

Each of the 20 families has a two-letter code, which forms the first part of a control number (i.e., the principal identifier for controls). Here's a quick guide:

147  AC  Access Control
 17  AT  Awareness and Training
 69  AU  Audit and Accountability
 32  CA  Assessment, Authorization, and Monitoring
 66  CM  Configuration Management
 56  CP  Contingency Planning
 70  IA  Identification and Authentication
 42  IR  Incident Response
 30  MA  Maintenance
 30  MP  Media Protection
 59  PE  Physical and Environmental Protection
 17  PL  Planning
 37  PM  Program Management
 18  PS  Personnel Security
 21  PT  Personally Identifiable Information Processing and Transparency
 26  RA  Risk Assessment
145  SA  System and Services Acquisition
162  SC  System and Communications Protection
118  SI  System and Information Integrity
 27  SR  Supply Chain Risk Management