Families

"Security and privacy controls described in this publication have a well-defined organization and structure. For ease of use in the security and privacy control selection and specification process, controls are organized into 20 families. Each family contains controls that are related to the specific topic of the family. A two-character identifier uniquely identifies each control family (e.g., PS for Personnel Security). Security and privacy controls may involve aspects of policy, oversight, supervision, manual processes, and automated mechanisms that are implemented by systems or actions by individuals."

NIST SP 800-53, Rev 5

Each of the 20 families comes with a two letter code, which comprises the first part of a control number (i.e., the principal identifiers for controls). Here's a quick guide:

147

AC

Access Control

17

AT

Awareness and Training

69

AU

Audit and Accountability

32

CA

Assessment, Authorization, and Monitoring

66

CM

Configuration Management

56

CP

Contingency Planning

74

IA

Identification and Authentication

42

IR

Incident Response

30

MA

Maintenance

30

MP

Media Protection

59

PE

Physical and Environmental Protection

17

PL

Planning

37

PM

Program Management

18

PS

Personnel Security

21

PT

Personally Identifiable Information Processing and Transparency

26

RA

Risk Assessment

145

SA

System and Services Acquisition

162

SC

System and Communications Protection

118

SI

System and Information Integrity

27

SR

Supply Chain Risk Management