800-53 establishes controls for system and orgs 1. Mandatory for federal information systems 2. Required by OMB A-130 and Federal Information Security Modernization Act 3. Federal Information Processing Standards (FIPS) 4. OMB Policies

Does not apply to national security systems.