Press "Enter" to skip to content

Security Controls Based on NIST 800-53 Low, Medium, High Impact

0

Since NIST 800-53 was first introduced, the number of controls has greatly expanded; the initial version of 800-53 contained approximately 300 controls and NIST 800-53 rev 4 contains 965 controls. 

Despite the complexity, each NIST 800-53 revision makes the controls set increasingly valuable. As things like mobile, IoT, and cloud evolve, NIST continuously enhances 800-53 to make migration an ongoing requirement.

800-53 (Rev. 4) Security Control Catalog

Low-Impact

Moderate-Impact

High-Impact

 

2020-spectrum-nist-800-54-low-moderate-high-baseline-compliance.jpg



NIST Baseline Tailer

https://pages.nist.gov/sctools/bt.xml





Security Objectives / Impact / Required Security Controls

 

Confidentiality

Integrity

Availability

Low

Login Audit
Encryption in transit
Patch Management
Centralized Authentication

Antivirus

Onsite Backup
Change Control
Patch Management
Vulnerability Management
SLAs

Moderate

Login Audit
System Health Monitoring
Encryption at rest
Encryption in transit
MFA
Secure Delete
DLP
Patch Management
Centralized Authentication
Machine Authentication
Role Based Authentication
Network IDS
Cloud Isolation

Antivirus
File Integrity Monitoring

High Availability
Onsite Backup
Change Control
Patch Management
Vulnerability Management
SLAs

High

Login Audit
System Health Monitoring
Encryption at rest
Encryption in transit
MFA
Priviledged Access Management
Patch Management
Machine authentication
Host IDS
Network IDS
SSL Decryption
Secure Delete
DLP
Penetration Testing
Centralized Authentication
Role Based Authentication
Cloud Isolation

Antivirus
File Integrity Monitoring

High Availability
Onsite/Offsite Backup
Scalability
DR Site
Change Control
Patch Management
Vulnerability Management
DDoS Protection
SLAs

The following list is showing those most common controls align with the impact level in 800-53.

Impact / Required Security Controls (Based on 800-53))

 

Low

Moderate

High

Access Control / Firewall

 

 

 

Account Management

 

 

 

Security Awareness Training

 

 

 

Security Assessment / Categorization

 

 

 

System Inventory

 

 

 

Key Protection / Management

 

 

 

DoS Protection

 

 

 

Remote Access from External Network 

Monitoring, Managed,

Privileged Commands Controlled and Documents,

 Information Protected,
Disabled non-secure network protocols

Wireless Access

Authentication, Encryption, Monitoring,

(Restrict Users)

 

Physical Access Control

 

 

 

System Maintenance

 

 

 

Patch Management

 

 

 

System / Login Audit / Response

 

 

 

System Health, Usage Monitoring

 

 

 

Encryption in transit

 

 

 

System Hardening

 

 

 

Software Usage Restrictions

 

 

 

Antivirus/Antimalware

 

 

 

Vulnerability Scanning

 

 

 

Onsite Backup / Recovery

 

 

 

Alternate Storage Site & Backup / Recovery

 

 

 

Access / Configuration Change Control

 

 

 

Least Privilege

 

 

 

PKI Certificates

 

 

 

Anti-SPAM

 

 

 

Endpoints Advanced Threat Protection

 

 

 

Encryption at Rest

 

 

 

Device Identification & 
Authentication

 

 

 

Network IDS

 

 

 

File Integrity Monitoring

 

 

 

Role-based Authentication

 

 

 

Centralized Authentication

 

 

 

Separation of Duties

 

 

 

DLP

 

 

 

Application Partitioning

 

 

 

Multi Factor Authentication

 

 

 

Secure Delete

 

 

 

Penetration Testing

 

 

 

Vulnerability Management

 

 

 

Supply Chain Protection

 

 

 

Network Segregation (DMZ, Subnets, Mgmt Interface)

 

 

 

DR Site

 

 

 

Privileged Access Management

 

 

 

SIEM

 

 

 

Host IDS

 

 

 

 

NIST SP 800-53 Full Control List

https://www.stigviewer.com/controls/800-53

NIST priorities are from P0 to P5, with P1 being the highest priority.  Generally 1-5 dictates the order in which the controls should be implemented.

There is a P0 – which is the lowest priority.

Num.

Title

Impact

Priority

Subject Area

AC-1

ACCESS
CONTROL POLICY AND PROCEDURES

LOW

P1

Access Control

AC-2

ACCOUNT
MANAGEMENT

LOW

P1

Access Control

AC-3

ACCESS
ENFORCEMENT

LOW

P1

Access Control

AC-7

UNSUCCESSFUL
LOGON ATTEMPTS

LOW

P2

Access Control

AC-8

SYSTEM
USE NOTIFICATION

LOW

P1

Access Control

AC-14

PERMITTED
ACTIONS WITHOUT IDENTIFICATION OR AUTHENTICATION

LOW

P3

Access Control

AC-17

REMOTE
ACCESS

LOW

P1

Access Control

AC-18

WIRELESS
ACCESS

LOW

P1

Access Control

AC-19

ACCESS
CONTROL FOR MOBILE DEVICES

LOW

P1

Access Control

AC-20

USE
OF EXTERNAL INFORMATION SYSTEMS

LOW

P1

Access Control

AC-22

PUBLICLY
ACCESSIBLE CONTENT

LOW

P3

Access Control

AT-1

SECURITY
AWARENESS AND TRAINING POLICY AND PROCEDURES

LOW

P1

Awareness And
Training

AT-2

SECURITY
AWARENESS TRAINING

LOW

P1

Awareness And
Training

AT-3

ROLE-BASED
SECURITY TRAINING

LOW

P1

Awareness And
Training

AT-4

SECURITY
TRAINING RECORDS

LOW

P3

Awareness And
Training

AU-1

AUDIT
AND ACCOUNTABILITY POLICY AND PROCEDURES

LOW

P1

Audit And
Accountability

AU-2

AUDIT
EVENTS

LOW

P1

Audit And
Accountability

AU-3

CONTENT
OF AUDIT RECORDS

LOW

P1

Audit And
Accountability

AU-4

AUDIT
STORAGE CAPACITY

LOW

P1

Audit And
Accountability

AU-5

RESPONSE
TO AUDIT PROCESSING FAILURES

LOW

P1

Audit And
Accountability

AU-6

AUDIT
REVIEW, ANALYSIS, AND REPORTING

LOW

P1

Audit And
Accountability

AU-8

TIME
STAMPS

LOW

P1

Audit And
Accountability

AU-9

PROTECTION
OF AUDIT INFORMATION

LOW

P1

Audit And
Accountability

AU-11

AUDIT
RECORD RETENTION

LOW

P3

Audit And
Accountability

AU-12

AUDIT
GENERATION

LOW

P1

Audit And
Accountability

CA-1

SECURITY
ASSESSMENT AND AUTHORIZATION POLICY AND PROCEDURES

LOW

P1

Security
Assessment And Authorization

CA-2

SECURITY
ASSESSMENTS

LOW

P2

Security
Assessment And Authorization

CA-3

SYSTEM
INTERCONNECTIONS

LOW

P1

Security
Assessment And Authorization

CA-5

PLAN
OF ACTION AND MILESTONES

LOW

P3

Security
Assessment And Authorization

CA-6

SECURITY
AUTHORIZATION

LOW

P2

Security
Assessment And Authorization

CA-7

CONTINUOUS
MONITORING

LOW

P2

Security
Assessment And Authorization

CA-9

INTERNAL
SYSTEM CONNECTIONS

LOW

P2

Security
Assessment And Authorization

CM-1

CONFIGURATION
MANAGEMENT POLICY AND PROCEDURES

LOW

P1

Configuration
Management

CM-2

BASELINE
CONFIGURATION

LOW

P1

Configuration
Management

CM-4

SECURITY
IMPACT ANALYSIS

LOW

P2

Configuration
Management

CM-6

CONFIGURATION
SETTINGS

LOW

P1

Configuration
Management

CM-7

LEAST
FUNCTIONALITY

LOW

P1

Configuration
Management

CM-8

INFORMATION
SYSTEM COMPONENT INVENTORY

LOW

P1

Configuration
Management

CM-10

SOFTWARE
USAGE RESTRICTIONS

LOW

P2

Configuration
Management

CM-11

USER-INSTALLED
SOFTWARE

LOW

P1

Configuration
Management

CP-1

CONTINGENCY
PLANNING POLICY AND PROCEDURES

LOW

P1

Contingency
Planning

CP-2

CONTINGENCY
PLAN

LOW

P1

Contingency
Planning

CP-3

CONTINGENCY
TRAINING

LOW

P2

Contingency
Planning

CP-4

CONTINGENCY
PLAN TESTING

LOW

P2

Contingency
Planning

CP-9

INFORMATION
SYSTEM BACKUP

LOW

P1

Contingency
Planning

CP-10

INFORMATION
SYSTEM RECOVERY AND RECONSTITUTION

LOW

P1

Contingency
Planning

IA-1

IDENTIFICATION
AND AUTHENTICATION POLICY AND PROCEDURES

LOW

P1

Identification
And Authentication

IA-2

IDENTIFICATION
AND AUTHENTICATION (ORGANIZATIONAL USERS)

LOW

P1

Identification
And Authentication

IA-4

IDENTIFIER
MANAGEMENT

LOW

P1

Identification
And Authentication

IA-5

AUTHENTICATOR
MANAGEMENT

LOW

P1

Identification
And Authentication

IA-6

AUTHENTICATOR
FEEDBACK

LOW

P2

Identification
And Authentication

IA-7

CRYPTOGRAPHIC
MODULE AUTHENTICATION

LOW

P1

Identification
And Authentication

IA-8

IDENTIFICATION
AND AUTHENTICATION (NON-ORGANIZATIONAL USERS)

LOW

P1

Identification
And Authentication

IR-1

INCIDENT
RESPONSE POLICY AND PROCEDURES

LOW

P1

Incident Response

IR-2

INCIDENT
RESPONSE TRAINING

LOW

P2

Incident Response

IR-4

INCIDENT
HANDLING

LOW

P1

Incident Response

IR-5

INCIDENT
MONITORING

LOW

P1

Incident Response

IR-6

INCIDENT
REPORTING

LOW

P1

Incident Response

IR-7

INCIDENT
RESPONSE ASSISTANCE

LOW

P2

Incident Response

IR-8

INCIDENT
RESPONSE PLAN

LOW

P1

Incident Response

MA-1

SYSTEM
MAINTENANCE POLICY AND PROCEDURES

LOW

P1

Maintenance

MA-2

CONTROLLED
MAINTENANCE

LOW

P2

Maintenance

MA-4

NONLOCAL
MAINTENANCE

LOW

P2

Maintenance

MA-5

MAINTENANCE
PERSONNEL

LOW

P2

Maintenance

MP-1

MEDIA
PROTECTION POLICY AND PROCEDURES

LOW

P1

Media Protection

MP-2

MEDIA
ACCESS

LOW

P1

Media Protection

MP-6

MEDIA
SANITIZATION

LOW

P1

Media Protection

MP-7

MEDIA
USE

LOW

P1

Media Protection

PE-1

PHYSICAL
AND ENVIRONMENTAL PROTECTION POLICY AND PROCEDURES

LOW

P1

Physical And
Environmental Protection

PE-2

PHYSICAL
ACCESS AUTHORIZATIONS

LOW

P1

Physical And
Environmental Protection

PE-3

PHYSICAL
ACCESS CONTROL

LOW

P1

Physical And
Environmental Protection

PE-6

MONITORING
PHYSICAL ACCESS

LOW

P1

Physical And
Environmental Protection

PE-8

VISITOR
ACCESS RECORDS

LOW

P3

Physical And
Environmental Protection

PE-12

EMERGENCY
LIGHTING

LOW

P1

Physical And
Environmental Protection

PE-13

FIRE
PROTECTION

LOW

P1

Physical And
Environmental Protection

PE-14

TEMPERATURE
AND HUMIDITY CONTROLS

LOW

P1

Physical And
Environmental Protection

PE-15

WATER
DAMAGE PROTECTION

LOW

P1

Physical And
Environmental Protection

PE-16

DELIVERY
AND REMOVAL

LOW

P2

Physical And
Environmental Protection

PL-1

SECURITY
PLANNING POLICY AND PROCEDURES

LOW

P1

Planning

PL-2

SYSTEM
SECURITY PLAN

LOW

P1

Planning

PL-4

RULES
OF BEHAVIOR

LOW

P2

Planning

PS-1

PERSONNEL
SECURITY POLICY AND PROCEDURES

LOW

P1

Personnel
Security

PS-2

POSITION
RISK DESIGNATION

LOW

P1

Personnel
Security

PS-3

PERSONNEL
SCREENING

LOW

P1

Personnel
Security

PS-4

PERSONNEL
TERMINATION

LOW

P1

Personnel
Security

PS-5

PERSONNEL
TRANSFER

LOW

P2

Personnel
Security

PS-6

ACCESS
AGREEMENTS

LOW

P3

Personnel
Security

PS-7

THIRD-PARTY
PERSONNEL SECURITY

LOW

P1

Personnel
Security

PS-8

PERSONNEL
SANCTIONS

LOW

P3

Personnel
Security

RA-1

RISK
ASSESSMENT POLICY AND PROCEDURES

LOW

P1

Risk Assessment

RA-2

SECURITY
CATEGORIZATION

LOW

P1

Risk Assessment

RA-3

RISK
ASSESSMENT

LOW

P1

Risk Assessment

RA-5

VULNERABILITY
SCANNING

LOW

P1

Risk Assessment

SA-1

SYSTEM
AND SERVICES ACQUISITION POLICY AND PROCEDURES

LOW

P1

System And
Services Acquisition

SA-2

ALLOCATION
OF RESOURCES

LOW

P1

System And
Services Acquisition

SA-3

SYSTEM
DEVELOPMENT LIFE CYCLE

LOW

P1

System And
Services Acquisition

SA-4

ACQUISITION
PROCESS

LOW

P1

System And
Services Acquisition

SA-5

INFORMATION
SYSTEM DOCUMENTATION

LOW

P2

System And
Services Acquisition

SA-9

EXTERNAL
INFORMATION SYSTEM SERVICES

LOW

P1

System And
Services Acquisition

SC-1

SYSTEM
AND COMMUNICATIONS PROTECTION POLICY AND PROCEDURES

LOW

P1

System And
Communications Protection

SC-5

DENIAL
OF SERVICE PROTECTION

LOW

P1

System And
Communications Protection

SC-7

BOUNDARY
PROTECTION

LOW

P1

System And Communications
Protection

SC-12

CRYPTOGRAPHIC
KEY ESTABLISHMENT AND MANAGEMENT

LOW

P1

System And
Communications Protection

SC-13

CRYPTOGRAPHIC
PROTECTION

LOW

P1

System And
Communications Protection

SC-15

COLLABORATIVE
COMPUTING DEVICES

LOW

P1

System And
Communications Protection

SC-20

SECURE
NAME / ADDRESS RESOLUTION SERVICE (AUTHORITATIVE SOURCE)

LOW

P1

System And
Communications Protection

SC-21

SECURE
NAME / ADDRESS RESOLUTION SERVICE (RECURSIVE OR CACHING RESOLVER)

LOW

P1

System And
Communications Protection

SC-22

ARCHITECTURE
AND PROVISIONING FOR NAME / ADDRESS RESOLUTION SERVICE

LOW

P1

System And
Communications Protection

SC-39

PROCESS
ISOLATION

LOW

P1

System And
Communications Protection

SI-1

SYSTEM
AND INFORMATION INTEGRITY POLICY AND PROCEDURES

LOW

P1

System And
Information Integrity

SI-2

FLAW
REMEDIATION

LOW

P1

System And
Information Integrity

SI-3

MALICIOUS
CODE PROTECTION

LOW

P1

System And
Information Integrity

SI-4

INFORMATION
SYSTEM MONITORING

LOW

P1

System And
Information Integrity

SI-5

SECURITY
ALERTS, ADVISORIES, AND DIRECTIVES

LOW

P1

System And
Information Integrity

SI-12

INFORMATION
HANDLING AND RETENTION

LOW

P2

System And
Information Integrity

 

Num.

Title

Impact

Priority

Subject Area

AC-4

INFORMATION FLOW ENFORCEMENT

MODERATE

P1

Access Control

AC-5

SEPARATION OF DUTIES

MODERATE

P1

Access Control

AC-6

LEAST PRIVILEGE

MODERATE

P1

Access Control

AC-11

SESSION LOCK

MODERATE

P3

Access Control

AC-12

SESSION TERMINATION

MODERATE

P2

Access Control

AC-21

INFORMATION SHARING

MODERATE

P2

Access Control

AU-7

AUDIT REDUCTION AND REPORT GENERATION

MODERATE

P2

Audit And
Accountability

CM-3

CONFIGURATION CHANGE CONTROL

MODERATE

P1

Configuration
Management

CM-5

ACCESS RESTRICTIONS FOR CHANGE

MODERATE

P1

Configuration
Management

CM-9

CONFIGURATION MANAGEMENT PLAN

MODERATE

P1

Configuration
Management

CP-6

ALTERNATE STORAGE SITE

MODERATE

P1

Contingency
Planning

CP-7

ALTERNATE PROCESSING SITE

MODERATE

P1

Contingency
Planning

CP-8

TELECOMMUNICATIONS SERVICES

MODERATE

P1

Contingency
Planning

IA-3

DEVICE IDENTIFICATION AND AUTHENTICATION

MODERATE

P1

Identification
And Authentication

IR-3

INCIDENT RESPONSE TESTING

MODERATE

P2

Incident Response

MA-3

MAINTENANCE TOOLS

MODERATE

P3

Maintenance

MA-6

TIMELY MAINTENANCE

MODERATE

P2

Maintenance

MP-3

MEDIA MARKING

MODERATE

P2

Media Protection

MP-4

MEDIA STORAGE

MODERATE

P1

Media Protection

MP-5

MEDIA TRANSPORT

MODERATE

P1

Media Protection

PE-4

ACCESS CONTROL FOR TRANSMISSION MEDIUM

MODERATE

P1

Physical And
Environmental Protection

PE-5

ACCESS CONTROL FOR OUTPUT DEVICES

MODERATE

P2

Physical And
Environmental Protection

PE-9

POWER EQUIPMENT AND CABLING

MODERATE

P1

Physical And
Environmental Protection

PE-10

EMERGENCY SHUTOFF

MODERATE

P1

Physical And
Environmental Protection

PE-11

EMERGENCY POWER

MODERATE

P1

Physical And
Environmental Protection

PE-17

ALTERNATE WORK SITE

MODERATE

P2

Physical And
Environmental Protection

PL-8

INFORMATION SECURITY ARCHITECTURE

MODERATE

P1

Planning

SA-8

SECURITY ENGINEERING PRINCIPLES

MODERATE

P1

System And
Services Acquisition

SA-10

DEVELOPER CONFIGURATION MANAGEMENT

MODERATE

P1

System And
Services Acquisition

SA-11

DEVELOPER SECURITY TESTING AND EVALUATION

MODERATE

P1

System And
Services Acquisition

SC-2

APPLICATION PARTITIONING

MODERATE

P1

System And
Communications Protection

SC-4

INFORMATION IN SHARED RESOURCES

MODERATE

P1

System And
Communications Protection

SC-8

TRANSMISSION CONFIDENTIALITY AND INTEGRITY

MODERATE

P1

System And
Communications Protection

SC-10

NETWORK DISCONNECT

MODERATE

P2

System And
Communications Protection

SC-17

PUBLIC KEY INFRASTRUCTURE CERTIFICATES

MODERATE

P1

System And
Communications Protection

SC-18

MOBILE CODE

MODERATE

P2

System And
Communications Protection

SC-19

VOICE OVER INTERNET PROTOCOL

MODERATE

P1

System And Communications
Protection

SC-23

SESSION AUTHENTICITY

MODERATE

P1

System And
Communications Protection

SC-28

PROTECTION OF INFORMATION AT REST

MODERATE

P1

System And
Communications Protection

SI-7

SOFTWARE, FIRMWARE, AND INFORMATION INTEGRITY

MODERATE

P1

System And
Information Integrity

SI-8

SPAM PROTECTION

MODERATE

P2

System And
Information Integrity

SI-10

INFORMATION INPUT VALIDATION

MODERATE

P1

System And
Information Integrity

SI-11

ERROR HANDLING

MODERATE

P2

System And
Information Integrity

SI-16

MEMORY PROTECTION

MODERATE

P1

System And
Information Integrity

 


Num.

Title

Impact

Priority

Subject Area

AC-10

CONCURRENT SESSION CONTROL

HIGH

P3

Access Control

AU-10

NON-REPUDIATION

HIGH

P2

Audit And
Accountability

CA-8

PENETRATION TESTING

HIGH

P2

Security
Assessment And Authorization

PE-18

LOCATION OF INFORMATION SYSTEM COMPONENTS

HIGH

P3

Physical And
Environmental Protection

SA-12

SUPPLY CHAIN PROTECTION

HIGH

P1

System And
Services Acquisition

SA-15

DEVELOPMENT PROCESS, STANDARDS, AND TOOLS

HIGH

P2

System And
Services Acquisition

SA-16

DEVELOPER-PROVIDED TRAINING

HIGH

P2

System And
Services Acquisition

SA-17

DEVELOPER SECURITY ARCHITECTURE AND DESIGN

HIGH

P1

System And
Services Acquisition

SC-3

SECURITY FUNCTION ISOLATION

HIGH

P1

System And
Communications Protection

SC-24

FAIL IN KNOWN STATE

HIGH

P1

System And
Communications Protection

SI-6

SECURITY FUNCTION VERIFICATION

HIGH

P1

System And
Information Integrity

 



Num.

Title

Impact

Priority

Subject Area

AC-9

PREVIOUS LOGON (ACCESS) NOTIFICATION

P0

Access Control

AC-13

SUPERVISION AND REVIEW
ACCESS CONTROL

Access Control

AC-15

AUTOMATED MARKING

Access Control

AC-16

SECURITY ATTRIBUTES

P0

Access Control

AC-23

DATA MINING PROTECTION

P0

Access Control

AC-24

ACCESS CONTROL DECISIONS

P0

Access Control

AC-25

REFERENCE MONITOR

P0

Access Control

AT-5

CONTACTS WITH SECURITY GROUPS AND ASSOCIATIONS

Awareness And
Training

AU-13

MONITORING FOR INFORMATION DISCLOSURE

P0

Audit And
Accountability

AU-14

SESSION AUDIT

P0

Audit And
Accountability

AU-15

ALTERNATE AUDIT CAPABILITY

P0

Audit And
Accountability

AU-16

CROSS-ORGANIZATIONAL AUDITING

P0

Audit And
Accountability

CA-4

SECURITY CERTIFICATION

Security
Assessment And Authorization

CP-5

CONTINGENCY PLAN UPDATE

Contingency
Planning

CP-11

ALTERNATE COMMUNICATIONS PROTOCOLS

P0

Contingency
Planning

CP-12

SAFE MODE

P0

Contingency
Planning

CP-13

ALTERNATIVE SECURITY MECHANISMS

P0

Contingency
Planning

IA-9

SERVICE IDENTIFICATION AND AUTHENTICATION

P0

Identification
And Authentication

IA-10

ADAPTIVE IDENTIFICATION AND AUTHENTICATION

P0

Identification
And Authentication

IA-11

RE-AUTHENTICATION

P0

Identification
And Authentication

IR-9

INFORMATION SPILLAGE RESPONSE

P0

Incident Response

IR-10

INTEGRATED INFORMATION SECURITY ANALYSIS TEAM

P0

Incident Response

MP-8

MEDIA DOWNGRADING

P0

Media Protection

PE-7

VISITOR CONTROL

Physical And
Environmental Protection

PE-19

INFORMATION LEAKAGE

P0

Physical And
Environmental Protection

PE-20

ASSET MONITORING AND TRACKING

P0

Physical And
Environmental Protection

PL-3

SYSTEM SECURITY PLAN UPDATE

Planning

PL-5

PRIVACY IMPACT ASSESSMENT

Planning

PL-6

SECURITY-RELATED ACTIVITY PLANNING

Planning

PL-7

SECURITY CONCEPT OF OPERATIONS

P0

Planning

PL-9

CENTRAL MANAGEMENT

P0

Planning

RA-4

RISK ASSESSMENT UPDATE

Risk Assessment

RA-6

TECHNICAL SURVEILLANCE COUNTERMEASURES SURVEY

P0

Risk Assessment

SA-6

SOFTWARE USAGE RESTRICTIONS

System And
Services Acquisition

SA-7

USER-INSTALLED SOFTWARE

System And
Services Acquisition

SA-13

TRUSTWORTHINESS

P0

System And
Services Acquisition

SA-14

CRITICALITY ANALYSIS

P0

System And
Services Acquisition

SA-18

TAMPER RESISTANCE AND DETECTION

P0

System And
Services Acquisition

SA-19

COMPONENT AUTHENTICITY

P0

System And
Services Acquisition

SA-20

CUSTOMIZED DEVELOPMENT OF CRITICAL COMPONENTS

P0

System And
Services Acquisition

SA-21

DEVELOPER SCREENING

P0

System And
Services Acquisition

SA-22

UNSUPPORTED SYSTEM COMPONENTS

P0

System And
Services Acquisition

SC-6

RESOURCE AVAILABILITY

P0

System And
Communications Protection

SC-9

TRANSMISSION CONFIDENTIALITY

System And
Communications Protection

SC-11

TRUSTED PATH

P0

System And
Communications Protection

SC-14

PUBLIC ACCESS PROTECTIONS

System And
Communications Protection

SC-16

TRANSMISSION OF SECURITY ATTRIBUTES

P0

System And
Communications Protection

SC-25

THIN NODES

P0

System And
Communications Protection

SC-26

HONEYPOTS

P0

System And
Communications Protection

SC-27

PLATFORM-INDEPENDENT APPLICATIONS

P0

System And
Communications Protection

SC-29

HETEROGENEITY

P0

System And
Communications Protection

SC-30

CONCEALMENT AND MISDIRECTION

P0

System And
Communications Protection

SC-31

COVERT CHANNEL ANALYSIS

P0

System And
Communications Protection

SC-32

INFORMATION SYSTEM PARTITIONING

P0

System And
Communications Protection

SC-33

TRANSMISSION PREPARATION INTEGRITY

System And
Communications Protection

SC-34

NON-MODIFIABLE EXECUTABLE PROGRAMS

P0

System And
Communications Protection

SC-35

HONEYCLIENTS

P0

System And
Communications Protection

SC-36

DISTRIBUTED PROCESSING AND STORAGE

P0

System And
Communications Protection

SC-37

OUT-OF-BAND CHANNELS

P0

System And
Communications Protection

SC-38

OPERATIONS SECURITY

P0

System And
Communications Protection

SC-40

WIRELESS LINK PROTECTION

P0

System And
Communications Protection

SC-41

PORT AND I/O DEVICE ACCESS

P0

System And
Communications Protection

SC-42

SENSOR CAPABILITY AND DATA

P0

System And
Communications Protection

SC-43

USAGE RESTRICTIONS

P0

System And
Communications Protection

SC-44

DETONATION CHAMBERS

P0

System And
Communications Protection

SI-9

INFORMATION INPUT RESTRICTIONS

System And
Information Integrity

SI-13

PREDICTABLE FAILURE PREVENTION

P0

System And
Information Integrity

SI-14

NON-PERSISTENCE

P0

System And
Information Integrity

SI-15

INFORMATION OUTPUT FILTERING

P0

System And
Information Integrity

SI-17

FAIL-SAFE PROCEDURES

P0

System And
Information Integrity

PM-1

INFORMATION SECURITY PROGRAM PLAN

Program
Management

PM-2

SENIOR INFORMATION SECURITY OFFICER

Program
Management

PM-3

INFORMATION SECURITY RESOURCES

Program
Management

PM-4

PLAN OF ACTION AND MILESTONES PROCESS

Program
Management

PM-5

INFORMATION SYSTEM INVENTORY

Program
Management

PM-6

INFORMATION SECURITY MEASURES OF PERFORMANCE

Program
Management

PM-7

ENTERPRISE ARCHITECTURE

Program
Management

PM-8

CRITICAL INFRASTRUCTURE PLAN

Program
Management

PM-9

RISK MANAGEMENT STRATEGY

Program
Management

PM-10

SECURITY AUTHORIZATION PROCESS

Program
Management

PM-11

MISSION/BUSINESS PROCESS DEFINITION

Program
Management

PM-12

INSIDER THREAT PROGRAM

Program
Management

PM-13

INFORMATION SECURITY WORKFORCE

Program
Management

PM-14

TESTING, TRAINING, AND MONITORING

Program
Management

PM-15

CONTACTS WITH SECURITY GROUPS AND ASSOCIATIONS

Program
Management

PM-16

THREAT AWARENESS PROGRAM

Program
Management

 

Leave a Reply

%d bloggers like this: