NIST SP 800-53
The canonical federal information system control catalogue — the catalogue behind the FedRAMP baselines, FISMA compliance programmes, and most US federal and federal-adjacent security baselines.
All federal information systems and any organisation choosing the catalogue as its security baseline.
Used as the underlying control catalogue for Safeguard's own FedRAMP authorisation.
What NIST 800-53 actually requires.
These are the obligations a regulated entity owes — the things an assessor or supervisor will ask about.
1,189 controls and control enhancements across 20 control families (Rev 5) — selected from the Low / Moderate / High baselines by system impact level and then tailored.
Mandatory Risk Management Framework (NIST SP 800-37 Rev 2) lifecycle: Prepare → Categorise → Select → Implement → Assess → Authorise → Monitor.
Documented control inheritance from cloud providers and shared services.
Continuous monitoring (NIST SP 800-137 ISCM) with automated evidence wherever feasible.
Rev 5 folds privacy into the catalogue itself (the PT family and a privacy baseline rather than the old Rev 4 Appendix J) and adds the Supply Chain Risk Management (SR) family, with NIST SP 800-161 for SCRM practices and NIST SP 800-218A as the SSDF community profile for AI development.
Pre-mapped controls. Continuous evidence.
Each requirement above is bound to live telemetry — not screenshots. The mapping below is what your auditor or regulator sees.
Pre-mapped to Rev 5 baselines (Low / Moderate / High) with control inheritance documented per cloud provider.
OSCAL-formatted control implementation statements exportable for any inherited control.
Automated evidence harvest for ~70% of technical controls; manual attestation pipeline for the rest.
Drift detection raises any deviation from the documented baseline as a policy-gate finding.
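As an added example (not Safeguard's code, and not the full OSCAL schema), the check below computes baseline coverage from two OSCAL-shaped JSON documents: a profile that lists the selected baseline's control IDs under `imports[].include-controls[].with-ids`, and a component-definition whose `implemented-requirements` carry a `control-id`. The two sample documents are constructed and trimmed to those fields; the `#catalog` href and the `example-service` component are hypothetical. It also normalises the legacy `AC-2(1)` spelling to OSCAL's `ac-2.1` so a mismatch in notation does not masquerade as a gap.

```python
"""Baseline coverage check over OSCAL-shaped profile and component-definition.

Added illustration, not vendor code. Assumes the two inputs follow the OSCAL
JSON field names used below; everything else in a real package is ignored.
"""
import re

# Constructed sample: a trimmed OSCAL profile standing in for a Rev 5 baseline.
SAMPLE_PROFILE = {
    "profile": {
        "imports": [
            {
                "href": "#catalog",  # hypothetical catalog reference
                "include-controls": [
                    {"with-ids": ["ac-1", "ac-2", "ac-2.1", "au-2", "sr-3"]}
                ],
            }
        ]
    }
}

# Constructed sample: a trimmed OSCAL component-definition with three
# implementation statements. Note the legacy "AC-2(1)" spelling.
SAMPLE_COMPONENT_DEF = {
    "component-definition": {
        "components": [
            {
                "title": "example-service",  # hypothetical component
                "control-implementations": [
                    {
                        "implemented-requirements": [
                            {"control-id": "ac-1", "description": "..."},
                            {"control-id": "AC-2(1)", "description": "..."},
                            {"control-id": "cm-6", "description": "..."},
                        ]
                    }
                ],
            }
        ]
    }
}

# Matches the legacy enhancement spelling, e.g. "ac-2(1)" after lowercasing.
_ENHANCEMENT = re.compile(r"^([a-z]{2})-(\d+)\((\d+)\)$")


def normalize_control_id(raw: str) -> str:
    """Map both spellings to OSCAL form: 'AC-2(1)' -> 'ac-2.1', ' SR-3 ' -> 'sr-3'."""
    cid = raw.strip().lower()
    m = _ENHANCEMENT.match(cid)
    if m:
        return f"{m.group(1)}-{m.group(2)}.{m.group(3)}"
    return cid


def baseline_controls(profile: dict) -> set:
    """Every control ID the profile selects, normalised."""
    ids = set()
    for imp in profile["profile"].get("imports", []):
        for inc in imp.get("include-controls", []):
            ids.update(normalize_control_id(c) for c in inc.get("with-ids", []))
    return ids


def implemented_controls(component_def: dict) -> set:
    """Every control ID that has an implementation statement, normalised."""
    ids = set()
    for comp in component_def["component-definition"].get("components", []):
        for impl in comp.get("control-implementations", []):
            for req in impl.get("implemented-requirements", []):
                ids.add(normalize_control_id(req["control-id"]))
    return ids


def coverage_report(profile: dict, component_def: dict) -> dict:
    """Split the baseline into covered / missing, and list statements outside it.

    'missing' is the finding an assessor cares about: a selected control with
    no implementation statement. 'extra' is informational only.
    """
    required = baseline_controls(profile)
    implemented = implemented_controls(component_def)
    return {
        "missing": sorted(required - implemented),
        "extra": sorted(implemented - required),
        "covered": sorted(required & implemented),
    }


if __name__ == "__main__":
    report = coverage_report(SAMPLE_PROFILE, SAMPLE_COMPONENT_DEF)
    for key in ("missing", "extra", "covered"):
        print(f"{key}: {', '.join(report[key]) or '(none)'}")
```

Run as-is and the report shows the case worth catching: the enhancement `ac-2.1` has a statement but its base control `ac-2` does not, and `au-2` and `sr-3` have none at all, so three baseline controls are gaps while `cm-6` sits outside the selected baseline.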
Artifacts your auditor accepts.
Each evidence artifact is signed and timestamped. Auditors can verify integrity without trusting Safeguard.
Full OSCAL package (catalog + profile + component + assessment).
Per-control implementation statement with linked evidence artifacts.
Continuous monitoring dashboard exportable monthly.
Control inheritance matrix per shared service.
One evidence base. Many regulators.
These frameworks share substantial control overlap with NIST 800-53. Customers running one assessment typically satisfy the others with the same evidence base.
FedRAMP HIGH
North America
Federal cloud authorisation for systems handling High-impact CUI and mission data.
CMMC Level 2 / Level 3
North America
Cyber maturity certification for any contractor handling CUI in the US Defense Industrial Base.
NIST SP 800-161 (Rev 1)
North America
Supply Chain Risk Management practices for federal systems — the foundation for SBOM and software provenance requirements.
NIST SP 800-218 (SSDF)
North America
The Secure Software Development Framework that backs EO 14028, the CISA attestation form, and most modern software supply-chain mandates.
FISMA
North America
Federal Information Security Modernization Act — the legislative basis for the NIST RMF lifecycle in the US federal government.
NIST CSF 2.0
Cross-jurisdictional
The NIST Cybersecurity Framework version 2.0 — six functions (Govern, Identify, Protect, Detect, Respond, Recover) with broad global adoption.
Ready for NIST 800-53?
Bring the framework. We'll walk the controls with you — section by section, evidence packet by evidence packet, with the regulators you actually have to answer to.