Which NIST publication offers guidance on security and privacy controls for compliance audits?

Prepare for the WGU ITAS6291 D488 Cybersecurity Architecture and Engineering exam. Use flashcards and multiple-choice questions, each with explanations and guidance. Master your knowledge and excel in your exam!

The guidance on security and privacy controls for compliance audits is provided in NIST 800-53. This publication is part of the NIST Special Publication series and specifically outlines a comprehensive set of controls that organizations can implement to manage their security and privacy risks effectively. It helps organizations assess their compliance with various regulations and standards by establishing a baseline of security requirements.

NIST 800-53 includes controls related to access control, incident response, risk assessment, and system and communications protection, among others. By using this publication, organizations can ensure they have a robust framework in place for both security and privacy that can be audited for compliance. Additionally, it assists in aligning with broader federal requirements and can be adapted for different environments.

Other options, such as ISO standard 15408, focus on evaluation criteria for IT security, while NIST 800-61 deals with computer security incident handling. COBIT, on the other hand, is a framework for developing, implementing, monitoring, and improving IT governance and management practices, but does not specifically offer detailed guidance tailored for compliance audits in the context of security and privacy controls. Therefore, NIST 800-53 stands out as the most relevant and authoritative source for this area.
