STIGs RMF Controls Compare

STIGhub

A free tool to search and browse the entire DISA STIG library. Saves up to 75% in security compliance research time.

Navigation

Browse STIGs
Search
RMF Controls
Compare Versions

Resources

About
Release Notes
VPAT
DISA STIG Library

STIGs updated 3 hours ago

Powered by Pylon

© 2026 Beacon Cloud Solutions, Inc. All rights reserved.

NIST 800-53 Controls

Browse 1205 security and privacy controls across 28 families.

Each control is linked to DISA CCI identifiers and STIG checks. Search for fast lookup by control ID or CCI.

Control Families

All Controls1205

AC Access Control143 AP Authority and Purpose2 AR Accountability, Audit, and Risk Management8 AT Awareness and Training17 AU Audit and Accountability66 CA Assessment, Authorization, and Monitoring31 CM Configuration Management66 CP Contingency Planning51 DI Data Quality and Integrity5 DM Data Minimization and Retention6 IA Identification and Authentication74 IP Individual Participation and Redress6 IR Incident Response42 MA Maintenance30 MP Media Protection26 PE Physical and Environmental Protection59 PL Planning16 PM Program Management37 PS Personnel Security18 PT PII Processing and Transparency21 RA Risk Assessment25 SA System and Services Acquisition145 SC System and Communications Protection159 SE Security2 SI System and Information Integrity116 SR Supply Chain Risk Management27 TR Transparency5 UL Use Limitation2

SA — System and Services Acquisition

23 base controls

SA-1Policy and Procedures21 CCIs

SA-2Allocation of Resources11 CCIs

SA-3System Development Life Cycle16 CCIs

SA-4Acquisition Process21 CCIs

SA-5System Documentation24 CCIs

SA-6System and Services Acquisition4 CCIs

SA-7System and Services Acquisition2 CCIs

SA-8Security and Privacy Engineering Principles10 CCIs

SA-9External System Services15 CCIs

SA-10Developer Configuration Management33 CCIs

SA-11Developer Testing and Evaluation21 CCIs

SA-12Supply Chain Protection2 CCIs

SA-13System and Services Acquisition6 CCIs

SA-14System and Services Acquisition7 CCIs

SA-15Development Process, Standards, and Tools21 CCIs

SA-16Developer-Provided Training4 CCIs

SA-17Developer Security and Privacy Architecture and Design10 CCIs

SA-18System and Services Acquisition1 CCIs

SA-19System and Services Acquisition11 CCIs

SA-20Customized Development of Critical Components2 CCIs

SA-21Developer Screening5 CCIs

SA-22Unsupported System Components5 CCIs

SA-23Specialization2 CCIs