NIST SP 800-53 Controls
What is NIST SP 800-53?
NIST Special Publication 800-53, "Security and Privacy Controls for Federal Information Systems and Organizations," provides a catalog of security controls for all U.S. federal information systems except those related to national security.
I'm confused, I'm a DoD Contractor. Do I need to be compliant with NIST SP 800-53 because of DFARS 252.204-7012?
Not really. This is a common misunderstanding that stems from the history of that DFARS regulation. Initially, DFARS 252.204-7012 specified a subset of the SP 800-53 controls that DoD contractors were required to comply with; contractors were never required to meet all of the 800-53 controls. However, because SP 800-53 was intended for federal systems and was never designed to be selectively 'cherry-picked' across its controls, NIST created the new Special Publication 800-171 specifically for that DFARS requirement for defense contractors to follow.
In layman's terms, you can think of SP 800-171 as "800-53 Lite".