FISMA & NIST RMF

Josef Kamara, CPA, CISSP, CISA · Updated May 2, 2026 · 1 minute read

Control Family

A logical grouping of related security or privacy controls within NIST SP 800-53. Revision 5 organizes its 1,007 controls into 20 families including Access Control (AC), Audit and Accountability (AU), Configuration Management (CM), Incident Response (IR), and Supply Chain Risk Management (SR). Each control identifier carries the family prefix, so AC-2 is the second control in the Access Control family.

The Authority Brief

One compliance analysis per week from Josef Kamara, CPA, CISSP, CISA. Federal and private compliance, written for practitioners.