National Institute of Standards and Technology (NIST) SP 800-53

The US Federal Risk and Authorization Management Program (FedRAMP) was established to provide a standardized approach for assessing, monitoring, and authorizing cloud computing products and services. FedRAMP is based on the National Institute of Standards and Technology (NIST) SP 800-53 standard, augmented by FedRAMP controls and control enhancements. For more information about Azure support for NIST SP 800-53 controls, see Azure FedRAMP documentation.


NIST SP 800-53 Rev. 4 is scheduled to be withdrawn on 23 September 2021 and superseded by NIST SP 800-53 Rev. 5.

For additional customer assistance, Microsoft provides Azure Blueprints, which is a service that helps customers deploy and update cloud environments in a repeatable manner using composable artifacts such as Azure Resource Manager templates to provision resources, role-based access controls, and policies. Resources provisioned through Azure Blueprints adhere to an organization’s standards, patterns, and compliance requirements. The overarching goal of Azure Blueprints is to help automate compliance and cybersecurity risk management in cloud environments. To help customers deploy a core set of policies for any Azure-based architecture that must implement NIST SP 800-53 controls, Azure has released the Azure Blueprint for NIST SP 800-53. When assigned to an architecture, resources are evaluated by Azure Policy for compliance with assigned policy definitions.