NIST CSRC
csrc.nist.gov › News › 2025 › nist-releases-revision-to-sp-800-53-controls
NIST Releases Revision to SP 800-53 Controls | CSRC
August 27, 2025 - SP 800-53 Release 5.2.0 addresses multiple aspects of the software development and deployment process, including software and system resiliency by design, developer testing, the deployment and management of updates, and software integrity and validation. This update also revises the discussion ...
Kusari
kusari.dev › learning-center › nist-800-53
What is NIST 800-53? Regulation & Explanation | Learn About NIST 800-53 Compliance | Kusari®
For development teams and DevSecOps practitioners, NIST 800-53 offers structured guidance on implementing security controls throughout the software development lifecycle.
Writing NIST 800-53 Compliant Software
If you're looking for a start, I'd say take a look at any items in the control catalog starting with Software and mark controls that apply to your application. Have you tried the NIST CSF Reference tool? If you've already started your development without giving priority to RMF, NIST, or DISA policies and principles, you're probably going to need to make some changes to your code, as well as your development process moving forward. Once you've gone through the software assurance cycle, you'll want to go back and look at the other controls that apply to your application. Also, be sure to consider the target demographic for your application, for today and tomorrow. It'll save you a lot of time, money, and aggravation. The last thing you want to be doing three years from now is rebuilding an entire application because key items were missed in the initial stages. More on reddit.com
Creating NIST v5 Mapping to PCI and other frameworks
I would recommend everyone check out SCF Framework first, it is free to download and does this out of the box. https://securecontrolsframework.com/scf-download/ More on reddit.com
Attaining NIST SP 800-171 as a software company
It is not a certification and is far broader than just software. Step one is get 800-171 and read it. More on reddit.com
Separation of Duties as per NIST 800-171
Definitely curious what others are doing, but here are a few ideas from my interpretation: - The implementation of some sort of PAM/PIM solution (e.g., technical implementer requests temporary access/credentials with business approver) - The segregation of admin vs. auditor (e.g., event logs are shipped somewhere that admins performing operational IT tasks can't conveniently wipe...) - Requiring a quorum of admins for privileged IT tasks (e.g., could be written policy like two people must be present when transporting a physical server, or opening a physical safe with breakglass credentials, or key ceremony, etc.) More on reddit.com
Videos
59:25
Intro to NIST: The Path to the SP 800-53 | Simply Cyber Academy ...
10:05
Breaking Down NIST 800-53: What You Need to Know - YouTube
05:00
NIST SP 800-53 - Patch Process Overview - YouTube
18:28
Understanding NIST 800-53 Rev. 5 Control Families: A Breakdown ...
57:36
How to Use NIST SP 800-53 to Protect Your Information Systems and ...
01:22:06
Engineer's Approach To NIST 800-53 - YouTube
Reddit
reddit.com › r/nistcontrols › writing nist 800-53 compliant software
Writing NIST 800-53 Compliant Software : r/NISTControls
March 3, 2021 - Realistically, if you're following the dev STIGs and OWASP, in my estimation you'll meet 98% of what you need to for 800-53r5 compliance, although there are Component overlays that may impose tighter controls. The SA controls I listed are just among the most obvious from the catalog and they also reference other related controls where needed, such as from the AC, SI, and SC groups. ... As others have said, the DISA application security development STIG is exactly what you need.
Isora GRC
saltycloud.com › blog › nist-800-53
NIST SP 800-53: Controls, Families & Rev 5 Guide | Isora GRC
February 17, 2026 - Most recently, NIST introduced Rev 5.2 in 2025 to support secure software development. NIST published this update in response to EO 14306. The changes address software resiliency by design, developer testing, update management, and software integrity validation. NIST 800-53 Rev 5.2.0 also introduces three entirely new controls:
NIST CSRC
csrc.nist.gov › Projects › ssdf › references
References - Secure Software Development Framework | CSRC | CSRC
April 13, 2026 - NIST Publications General Framework ... Framework (SP 800-181) Security and Privacy Controls for Information Systems and Organizations (SP 800-53 Rev. 5) Software Development Cybersecurity Supply Chain Risk Management Practices for Systems and Organizations (2nd Draft) (SP 800-161 ...
OpsMX
opsmx.com › home › security › implementing nist 800-53 in ci/cd for software supply chain security
Implementing NIST 800-53 In CI/CD For Software Supply Chain Security| OpsMx Blog
December 26, 2025 - While the ‘Shift Left’ methodology has been instrumental in incorporating security early in the development process, NIST 800-53 extends this focus to every step, right up to the release into the production environment, narrowing the window for potential attacks and fortifying the entire software delivery process.
Wikipedia
en.wikipedia.org › wiki › NIST_Special_Publication_800-53
NIST Special Publication 800-53
1 week ago - CSF (Cybersecurity Framework) and 800-53 covered each others weaknesses with CSF having more of a top-down decision-making process and NIST SP 800-53 having a bottom-up approach. The combination provided an easier approach for developers to create a new platform and software.
NIST
nvd.nist.gov › 800-53 › Rev4 › control › SA-11
Access CPRT - Cybersecurity and Privacy Reference Tool | CSRC | CSRC
February 19, 2026 - This is a potential security issue, you are being redirected to https://csrc.nist.gov · An official website of the United States government
Aikido
aikido.dev › learn › compliance › compliance-frameworks › nist-800-53
NIST 800-53 Controls Explained: Security & Privacy
Assessors verifying NIST 800-53 compliance (often for FISMA or FedRAMP) will examine implementation evidence for specific controls relevant to development: (SA-11) Developer Testing and Evaluation: "Show me your process and evidence for security testing (static analysis, dynamic analysis, vulnerability scanning) performed during the SDLC." (SA-15) Development Process, Standards, and Tools: "Provide documentation of your secure software development lifecycle (SSDLC) process and the tools used."
ISMS.online
isms.online › nist › nist sp 800-53 compliance software
NIST SP 800-53 Compliance Software | ISMS.Online
July 25, 2025 - NIST SP 800-53 compliance software enables organisations to implement, monitor, and audit security controls in alignment with federal standards, transforming complex requirements into actionable, evidence-backed workflows.
Price $$
Address Nile House, Nile Street, BN1 1HW, Brighton
Cisco
cisco.com › c › en › us › products › collateral › security › nist-sp-800-53-sb.html
Products - Framework Foundations: NIST SP 800-53 Solution Brief - Cisco
In August 2025, NIST released SP 800‑53 5.2.0, adding three controls: Logging Syntax (SA‑15), Design for Cyber Resiliency (SA‑24), Root Cause Analysis enhancement (SI‑02 (07)). Revisions targeted secure software updates, deployment governance, integrity validation, and roles and accountability.