Mapping: Nexus SecOps ↔ NIST SP 800-53 Rev 5

This mapping connects Nexus SecOps benchmark controls to NIST Special Publication 800-53 Revision 5 control families. It is useful for federal and government-adjacent organizations, as well as for FedRAMP assessments.


Mapping by NIST 800-53 Control Family

AC — Access Control

| 800-53 Control | Title | Nexus SecOps Controls |
|---|---|---|
| AC-1 | Policy and Procedures | Nexus SecOps-201, Nexus SecOps-114 |
| AC-2 | Account Management | Nexus SecOps-111, Nexus SecOps-114, Nexus SecOps-115 |
| AC-3 | Access Enforcement | Nexus SecOps-114, Nexus SecOps-121 |
| AC-4 | Information Flow Enforcement | Nexus SecOps-121, Nexus SecOps-122 |
| AC-5 | Separation of Duties | Nexus SecOps-205, Nexus SecOps-114 |
| AC-6 | Least Privilege | Nexus SecOps-114, Nexus SecOps-116 |
| AC-7 | Unsuccessful Logon Attempts | Nexus SecOps-048, Nexus SecOps-031 |
| AC-11 | Device Lock | Nexus SecOps-136, Nexus SecOps-137 |
| AC-17 | Remote Access | Nexus SecOps-121, Nexus SecOps-122, Nexus SecOps-114 |
| AC-19 | Access Control for Mobile Devices | Nexus SecOps-136, Nexus SecOps-138 |

AT — Awareness and Training

| 800-53 Control | Title | Nexus SecOps Controls |
|---|---|---|
| AT-1 | Policy and Procedures | Nexus SecOps-201, Nexus SecOps-206 |
| AT-2 | Literacy Training and Awareness | Nexus SecOps-206, Nexus SecOps-061 |
| AT-3 | Role-Based Training | Nexus SecOps-206, Nexus SecOps-061, Nexus SecOps-205 |
| AT-4 | Training Records | Nexus SecOps-206 |

AU — Audit and Accountability

| 800-53 Control | Title | Nexus SecOps Controls |
|---|---|---|
| AU-1 | Policy and Procedures | Nexus SecOps-201, Nexus SecOps-004 |
| AU-2 | Event Logging | Nexus SecOps-001, Nexus SecOps-002, Nexus SecOps-010 |
| AU-3 | Content of Audit Records | Nexus SecOps-016, Nexus SecOps-022 |
| AU-4 | Audit Log Storage Capacity | Nexus SecOps-004, Nexus SecOps-015 |
| AU-5 | Response to Audit Logging Process Failures | Nexus SecOps-007, Nexus SecOps-024 |
| AU-6 | Audit Record Review, Analysis, and Reporting | Nexus SecOps-031, Nexus SecOps-051, Nexus SecOps-210 |
| AU-7 | Audit Record Reduction and Report Generation | Nexus SecOps-015, Nexus SecOps-031 |
| AU-8 | Time Stamps | Nexus SecOps-017 |
| AU-9 | Protection of Audit Information | Nexus SecOps-005, Nexus SecOps-215 |
| AU-10 | Non-Repudiation | Nexus SecOps-005, Nexus SecOps-071 |
| AU-11 | Audit Record Retention | Nexus SecOps-004, Nexus SecOps-029 |
| AU-12 | Audit Record Generation | Nexus SecOps-001, Nexus SecOps-006, Nexus SecOps-010 |

CA — Assessment, Authorization, and Monitoring

| 800-53 Control | Title | Nexus SecOps Controls |
|---|---|---|
| CA-1 | Policy and Procedures | Nexus SecOps-201 |
| CA-2 | Control Assessments | Nexus SecOps-207, Nexus SecOps-208 |
| CA-5 | Plan of Action and Milestones | Nexus SecOps-208 |
| CA-7 | Continuous Monitoring | Nexus SecOps-031, Nexus SecOps-044, Nexus SecOps-210 |

CM — Configuration Management

| 800-53 Control | Title | Nexus SecOps Controls |
|---|---|---|
| CM-1 | Policy and Procedures | Nexus SecOps-201, Nexus SecOps-202 |
| CM-2 | Baseline Configuration | Nexus SecOps-136, Nexus SecOps-137 |
| CM-3 | Configuration Change Control | Nexus SecOps-202, Nexus SecOps-203 |
| CM-6 | Configuration Settings | Nexus SecOps-136, Nexus SecOps-137, Nexus SecOps-121 |
| CM-7 | Least Functionality | Nexus SecOps-136, Nexus SecOps-137 |
| CM-8 | System Component Inventory | Nexus SecOps-001, Nexus SecOps-151 |
| CM-9 | Configuration Management Plan | Nexus SecOps-202 |

CP — Contingency Planning

| 800-53 Control | Title | Nexus SecOps Controls |
|---|---|---|
| CP-1 | Policy and Procedures | Nexus SecOps-201, Nexus SecOps-066 |
| CP-2 | Contingency Plan | Nexus SecOps-066, Nexus SecOps-080 |
| CP-4 | Contingency Plan Testing | Nexus SecOps-077, Nexus SecOps-219 |
| CP-9 | System Backup | Nexus SecOps-080 |
| CP-10 | System Recovery and Reconstitution | Nexus SecOps-066, Nexus SecOps-080 |

IA — Identification and Authentication

| 800-53 Control | Title | Nexus SecOps Controls |
|---|---|---|
| IA-1 | Policy and Procedures | Nexus SecOps-201, Nexus SecOps-111 |
| IA-2 | Identification and Authentication (Organizational Users) | Nexus SecOps-111, Nexus SecOps-113 |
| IA-3 | Device Identification and Authentication | Nexus SecOps-111, Nexus SecOps-136 |
| IA-4 | Identifier Management | Nexus SecOps-111, Nexus SecOps-114 |
| IA-5 | Authenticator Management | Nexus SecOps-111, Nexus SecOps-112 |
| IA-6 | Authentication Feedback | Nexus SecOps-111 |
| IA-7 | Cryptographic Module Authentication | Nexus SecOps-003, Nexus SecOps-111 |
| IA-8 | Authentication (Non-Org Users) | Nexus SecOps-114, Nexus SecOps-204 |
| IA-9 | Service Identification and Authentication | Nexus SecOps-111, Nexus SecOps-117 |
| IA-11 | Re-Authentication | Nexus SecOps-113, Nexus SecOps-116 |
| IA-12 | Identity Proofing | Nexus SecOps-111 |

IR — Incident Response

| 800-53 Control | Title | Nexus SecOps Controls |
|---|---|---|
| IR-1 | Policy and Procedures | Nexus SecOps-201, Nexus SecOps-066 |
| IR-2 | Incident Response Training | Nexus SecOps-061, Nexus SecOps-206 |
| IR-3 | Incident Response Testing | Nexus SecOps-077, Nexus SecOps-219 |
| IR-4 | Incident Handling | Nexus SecOps-066, Nexus SecOps-068, Nexus SecOps-070 |
| IR-5 | Incident Monitoring | Nexus SecOps-074, Nexus SecOps-078, Nexus SecOps-075 |
| IR-6 | Incident Reporting | Nexus SecOps-069, Nexus SecOps-073 |
| IR-7 | Incident Response Assistance | Nexus SecOps-076 |
| IR-8 | Incident Response Plan | Nexus SecOps-066 |
| IR-9 | Information Spillage Response | Nexus SecOps-066, Nexus SecOps-070 |

PM — Program Management

| 800-53 Control | Title | Nexus SecOps Controls |
|---|---|---|
| PM-1 | Information Security Program Plan | Nexus SecOps-201 |
| PM-9 | Risk Management Strategy | Nexus SecOps-207 |
| PM-10 | Authorization Process | Nexus SecOps-202 |
| PM-14 | Testing, Training, and Monitoring | Nexus SecOps-077, Nexus SecOps-206, Nexus SecOps-210 |
| PM-28 | Risk Framing | Nexus SecOps-207 |

RA — Risk Assessment

| 800-53 Control | Title | Nexus SecOps Controls |
|---|---|---|
| RA-1 | Policy and Procedures | Nexus SecOps-201 |
| RA-2 | Security Categorization | Nexus SecOps-030, Nexus SecOps-207 |
| RA-3 | Risk Assessment | Nexus SecOps-207, Nexus SecOps-208 |
| RA-5 | Vulnerability Monitoring and Scanning | Nexus SecOps-151, Nexus SecOps-152 |
| RA-7 | Risk Response | Nexus SecOps-207, Nexus SecOps-208 |
| RA-9 | Criticality Analysis | Nexus SecOps-030, Nexus SecOps-207 |

SC — System and Communications Protection

| 800-53 Control | Title | Nexus SecOps Controls |
|---|---|---|
| SC-1 | Policy and Procedures | Nexus SecOps-201 |
| SC-5 | Denial-of-Service Protection | Nexus SecOps-121 |
| SC-7 | Boundary Protection | Nexus SecOps-121, Nexus SecOps-122 |
| SC-8 | Transmission Confidentiality and Integrity | Nexus SecOps-003, Nexus SecOps-215 |
| SC-12 | Cryptographic Key Establishment and Management | Nexus SecOps-215 |
| SC-13 | Cryptographic Protection | Nexus SecOps-003, Nexus SecOps-005, Nexus SecOps-215 |
| SC-28 | Protection of Information at Rest | Nexus SecOps-005, Nexus SecOps-215 |
| SC-39 | Process Isolation | Nexus SecOps-137 |

SI — System and Information Integrity

| 800-53 Control | Title | Nexus SecOps Controls |
|---|---|---|
| SI-1 | Policy and Procedures | Nexus SecOps-201 |
| SI-2 | Flaw Remediation | Nexus SecOps-151, Nexus SecOps-153, Nexus SecOps-154 |
| SI-3 | Malicious Code Protection | Nexus SecOps-140, Nexus SecOps-141 |
| SI-4 | System Monitoring | Nexus SecOps-001, Nexus SecOps-031, Nexus SecOps-044 |
| SI-5 | Security Alerts, Advisories, and Directives | Nexus SecOps-082, Nexus SecOps-085 |
| SI-6 | Security and Privacy Function Verification | Nexus SecOps-031, Nexus SecOps-034 |
| SI-7 | Software, Firmware, and Information Integrity | Nexus SecOps-005, Nexus SecOps-023, Nexus SecOps-136 |
| SI-10 | Information Input Validation | Nexus SecOps-182 (LLM context) |
| SI-12 | Information Management and Retention | Nexus SecOps-004, Nexus SecOps-029 |

AI-Specific 800-53 Controls (Emerging)

NIST is developing AI-specific overlays for 800-53. Key controls with AI relevance:

| 800-53 Control | Nexus SecOps AI Controls |
|---|---|
| SI-10 (Input Validation) | Nexus SecOps-182 (Prompt Injection Defense) |
| SI-4 (Monitoring) | Nexus SecOps-175, Nexus SecOps-190 |
| AU-6 (Audit Review) | Nexus SecOps-177, Nexus SecOps-190 |
| RA-3 (Risk Assessment) | Nexus SecOps-161, Nexus SecOps-181 |
| AT-3 (Role-Based Training) | Nexus SecOps-180, Nexus SecOps-206 |

See Controls Catalog for full control specifications. See NIST CSF 2.0 Mapping for framework-level alignment.