The National Institute of Standards and Technology (NIST) has issued NIST SP 800-53 Rev. 5, Security and Privacy Controls for Information Systems and Organizations.
The Special Publication (SP) 800-53 provides cloud access control (AC) characteristics and general access control guidance for cloud service models.
An abstract from SP 800-53:
This publication provides a catalog of security and privacy controls for information systems and
organizations to protect organizational operations and assets, individuals, other organizations,
and the Nation from a diverse set of threats and risks, including hostile attacks, human errors,
natural disasters, structural failures, foreign intelligence entities, and privacy risks. The controls
are flexible and customizable and implemented as part of an organization-wide process to
manage risk. The controls address diverse requirements derived from mission and business
needs, laws, executive orders, directives, regulations, policies, standards, and guidelines. Finally,
the consolidated control catalog addresses security and privacy from a functionality perspective
(i.e., the strength of functions and mechanisms provided by the controls) and from an assurance
perspective (i.e., the measure of confidence in the security or privacy capability provided by the
controls). Addressing functionality and assurance helps to ensure that information technology
products and the systems that rely on those products are sufficiently trustworthy.
NIST has also provided supporting material to SP 800-53 Rev. 5 (see PDF download):
- Control Catalog Spreadsheet: The entire security and privacy control catalog in spreadsheet format.
- Analysis of updates between 800-53 Rev. 5 and Rev. 4.
- Mapping of Appendix J Privacy Controls (Rev. 4) to Rev. 5.
- Mappings between 800-53 Rev. 5 and other frameworks and standards (NIST Cybersecurity Framework and NIST Privacy Framework; ISO/IEC 27001).