Appendix H. NIST Controls mapping

NIST Mappings to APS Policies and Controls

Last Reviewed: 2025-02-17:19:44:43-UTC

Below is a list of NIST SP 800-53 Controls Families and the mappings to APS policies and controls in place.

ID	NIST SP 800-53 Control Family	APS Policies and Controls
AC	Access Control	Access
AT	Awareness and Training	Roles and Responsibilities
AU	Audit and Accountability	Roles and Responsibilities; Compliance Audits
CA	Security Assessment and Authorization	Risk Management; Access
CM	Configuration Management	Configuration and Change Management
CP	Contingency Planning	Business Continuity and Disaster Recovery
IA	Identification and Authentication	Access
IR	Incident Response	Incident Response; Breach Notification
MA	Maintenance	Configuration and Change Management
PE	Physical and Environmental Protection	Facility and Physical Security
PL	Planning	Security Program Overview; Security Architecture & Operating Model
PS	Personnel Security	HR & Personnel Security
RA	Risk Assessment	Risk Management
SA	System and Services Acquisition	Third Party Security, Vendor Risk Management and Systems/Services Acquisition
SC	System and Communications Protection	Data Management; Data Protection; and Threat Detection & Prevention
SI	System and Information Integrity	Data Management; Data Protection; Product Security & Secure Software Development; Vulnerability Management;and System Audits, Monitoring & Assessments
PM	Program Management	Security Program Overview; Roles and Responsibilities; and Policy Management