Navigating through NIST’s extensive documentation can be exhausting. Publications like NIST SP 800-53, 53a, and 53b are invaluable, but their sheer volume—spanning thousands of pages—can be overwhelming.

But, what if I were to tell you that there is a more convenient way to browse them.

The Cybersecurity and Privacy Reference Tool (CPRT) by NIST offers a new way to access and leverage these resources. This article provides a step-by-step guide to using the CPRT, when browsing controls of NIST SP 800-53.

Step 1: Access CPRT

You can find the Cybersecurity and Privacy Reference Tool here: CPRT

To browse publications, click on “Utilize” as highlighted below.

Step 2: Select Publication

The second step in using the CPRT is to choose the specific NIST publication you want to explore. For instance, if you’re interested in NIST SP 800-53, which provides a comprehensive set of security and privacy controls for federal information systems and organizations, you would select this publication from the list.

Step 3: Select Control Family

The next step to get to the controls is to choose a control family. NIST SP 800-53 is organized into 20 control families, each focusing on different aspects of security and privacy. Let’s pick the first control family.

Step 4: Select Control

Once you have chosen a control family, you can then select a specific control within that family. This view provides an overview of each control, including its associated baseline as defined in NIST SP 800-53b. Let’s select control AC-11 Device Lock.

Step 5: Examine Control

The final step involves opening the control to access detailed information, including the control statement, control enhancements, and associated assessment procedures.