NIST 800-53 (Security and Privacy Controls for Information Systems and Organizations) Low, Medium, High Impact - NETSEC


Cybersecurity Memo

Tuesday, November 3, 2020


Since NIST 800-53 was first introduced, the number of controls has greatly expanded: the initial version of 800-53 contained approximately 300 controls, and NIST 800-53 rev 4 contains 965 controls.

Note:

1. ISO 27001 (2013) is a management system standard that comprises 114 management controls.

2. Formerly the SANS Critical Security Controls (SANS Top 20), these are now officially called the CIS Critical Security Controls (CIS Controls). CIS Controls Version 8 combines and consolidates the Controls by activity rather than by who manages the devices. Physical devices, fixed boundaries, and discrete islands of security implementation are less important; v8 reflects this through revised terminology and a regrouping of Safeguards, reducing the number of Controls from 20 to 18.

Despite this complexity, each NIST 800-53 revision makes the control set more valuable. As mobile, IoT, and cloud technologies evolve, NIST keeps enhancing 800-53, which makes migrating to the latest revision an ongoing requirement.

800-53 (Rev. 4) Security Control Catalog




NIST Baseline Tailor

https://pages.nist.gov/sctools/bt.xml





Security Objectives / Impact / Required Security Controls

Low
  Confidentiality: Login Audit, Encryption in transit, Patch Management, Centralized Authentication
  Integrity: Antivirus
  Availability: Onsite Backup, Change Control, Patch Management, Vulnerability Management, SLAs

Moderate
  Confidentiality: Login Audit, System Health Monitoring, Encryption at rest, Encryption in transit, MFA, Secure Delete, DLP, Patch Management, Centralized Authentication, Machine Authentication, Role Based Authentication, Network IDS, Cloud Isolation
  Integrity: Antivirus, File Integrity Monitoring
  Availability: High Availability, Onsite Backup, Change Control, Patch Management, Vulnerability Management, SLAs

High
  Confidentiality: Login Audit, System Health Monitoring, Encryption at rest, Encryption in transit, MFA, Privileged Access Management, Patch Management, Machine Authentication, Host IDS, Network IDS, SSL Decryption, Secure Delete, DLP, Penetration Testing, Centralized Authentication, Role Based Authentication, Cloud Isolation
  Integrity: Antivirus, File Integrity Monitoring
  Availability: High Availability, Onsite/Offsite Backup, Scalability, DR Site, Change Control, Patch Management, Vulnerability Management, DDoS Protection, SLAs


The following table lists the most common controls and the impact levels (Low, Moderate, High) at which they are required under 800-53.

Impact / Required Security Controls (Based on 800-53)

| Control | Low | Moderate | High |
|---------|-----|----------|------|
| Access Control / Firewall | | | |
| Account Management | | | |
| Security Awareness Training | | | |
| Security Assessment / Categorization | | | |
| System Inventory | | | |
| Key Protection / Management | | | |
| DoS Protection | | | |
| Remote Access from External Network | Monitoring, Managed | Privileged Commands Controlled and Documented | Information Protected, Disabled non-secure network protocols |
| Wireless Access | Authentication, Encryption, Monitoring | (Restrict Users) | |
| Physical Access Control | | | |
| System Maintenance | | | |
| Patch Management | | | |
| System / Login Audit / Response | | | |
| System Health, Usage Monitoring | | | |
| Encryption in transit | | | |
| System Hardening | | | |
| Software Usage Restrictions | | | |
| Antivirus/Antimalware | | | |
| Vulnerability Scanning | | | |
| Onsite Backup / Recovery | | | |
| Alternate Storage Site & Backup / Recovery | | | |
| Access / Configuration Change Control | | | |
| Least Privilege | | | |
| PKI Certificates | | | |
| Anti-SPAM | | | |
| Endpoints Advanced Threat Protection | | | |
| Encryption at Rest | | | |
| Device Identification & Authentication | | | |
| Network IDS | | | |
| File Integrity Monitoring | | | |
| Role-based Authentication | | | |
| Centralized Authentication | | | |
| Separation of Duties | | | |
| DLP | | | |
| Application Partitioning | | | |
| Multi Factor Authentication | | | |
| Secure Delete | | | |
| Penetration Testing | | | |
| Vulnerability Management | | | |
| Supply Chain Protection | | | |
| Network Segregation (DMZ, Subnets, Mgmt Interface) | | | |
| DR Site | | | |
| Privileged Access Management | | | |
| SIEM | | | |
| Host IDS | | | |






NIST SP 800-53 Full Control List

https://www.stigviewer.com/controls/800-53

NIST priorities range from P0 to P5, with P1 being the highest priority. Generally, the priority number (1-5) dictates the order in which the controls should be implemented. P0 is the lowest priority.


| Num. | Title | Impact | Priority | Subject Area |
|------|-------|--------|----------|--------------|
| AC-1 | ACCESS CONTROL POLICY AND PROCEDURES | LOW | P1 | Access Control |
| AC-2 | ACCOUNT MANAGEMENT | LOW | P1 | Access Control |
| AC-3 | ACCESS ENFORCEMENT | LOW | P1 | Access Control |
| AC-7 | UNSUCCESSFUL LOGON ATTEMPTS | LOW | P2 | Access Control |
| AC-8 | SYSTEM USE NOTIFICATION | LOW | P1 | Access Control |
| AC-14 | PERMITTED ACTIONS WITHOUT IDENTIFICATION OR AUTHENTICATION | LOW | P3 | Access Control |
| AC-17 | REMOTE ACCESS | LOW | P1 | Access Control |
| AC-18 | WIRELESS ACCESS | LOW | P1 | Access Control |
| AC-19 | ACCESS CONTROL FOR MOBILE DEVICES | LOW | P1 | Access Control |
| AC-20 | USE OF EXTERNAL INFORMATION SYSTEMS | LOW | P1 | Access Control |
| AC-22 | PUBLICLY ACCESSIBLE CONTENT | LOW | P3 | Access Control |
| AT-1 | SECURITY AWARENESS AND TRAINING POLICY AND PROCEDURES | LOW | P1 | Awareness And Training |
| AT-2 | SECURITY AWARENESS TRAINING | LOW | P1 | Awareness And Training |
| AT-3 | ROLE-BASED SECURITY TRAINING | LOW | P1 | Awareness And Training |
| AT-4 | SECURITY TRAINING RECORDS | LOW | P3 | Awareness And Training |
| AU-1 | AUDIT AND ACCOUNTABILITY POLICY AND PROCEDURES | LOW | P1 | Audit And Accountability |
| AU-2 | AUDIT EVENTS | LOW | P1 | Audit And Accountability |
| AU-3 | CONTENT OF AUDIT RECORDS | LOW | P1 | Audit And Accountability |
| AU-4 | AUDIT STORAGE CAPACITY | LOW | P1 | Audit And Accountability |
| AU-5 | RESPONSE TO AUDIT PROCESSING FAILURES | LOW | P1 | Audit And Accountability |
| AU-6 | AUDIT REVIEW, ANALYSIS, AND REPORTING | LOW | P1 | Audit And Accountability |
| AU-8 | TIME STAMPS | LOW | P1 | Audit And Accountability |
| AU-9 | PROTECTION OF AUDIT INFORMATION | LOW | P1 | Audit And Accountability |
| AU-11 | AUDIT RECORD RETENTION | LOW | P3 | Audit And Accountability |
| AU-12 | AUDIT GENERATION | LOW | P1 | Audit And Accountability |
| CA-1 | SECURITY ASSESSMENT AND AUTHORIZATION POLICY AND PROCEDURES | LOW | P1 | Security Assessment And Authorization |
| CA-2 | SECURITY ASSESSMENTS | LOW | P2 | Security Assessment And Authorization |
| CA-3 | SYSTEM INTERCONNECTIONS | LOW | P1 | Security Assessment And Authorization |
| CA-5 | PLAN OF ACTION AND MILESTONES | LOW | P3 | Security Assessment And Authorization |
| CA-6 | SECURITY AUTHORIZATION | LOW | P2 | Security Assessment And Authorization |
| CA-7 | CONTINUOUS MONITORING | LOW | P2 | Security Assessment And Authorization |
| CA-9 | INTERNAL SYSTEM CONNECTIONS | LOW | P2 | Security Assessment And Authorization |
| CM-1 | CONFIGURATION MANAGEMENT POLICY AND PROCEDURES | LOW | P1 | Configuration Management |
| CM-2 | BASELINE CONFIGURATION | LOW | P1 | Configuration Management |
| CM-4 | SECURITY IMPACT ANALYSIS | LOW | P2 | Configuration Management |
| CM-6 | CONFIGURATION SETTINGS | LOW | P1 | Configuration Management |
| CM-7 | LEAST FUNCTIONALITY | LOW | P1 | Configuration Management |
| CM-8 | INFORMATION SYSTEM COMPONENT INVENTORY | LOW | P1 | Configuration Management |
| CM-10 | SOFTWARE USAGE RESTRICTIONS | LOW | P2 | Configuration Management |
| CM-11 | USER-INSTALLED SOFTWARE | LOW | P1 | Configuration Management |
| CP-1 | CONTINGENCY PLANNING POLICY AND PROCEDURES | LOW | P1 | Contingency Planning |
| CP-2 | CONTINGENCY PLAN | LOW | P1 | Contingency Planning |
| CP-3 | CONTINGENCY TRAINING | LOW | P2 | Contingency Planning |
| CP-4 | CONTINGENCY PLAN TESTING | LOW | P2 | Contingency Planning |
| CP-9 | INFORMATION SYSTEM BACKUP | LOW | P1 | Contingency Planning |
| CP-10 | INFORMATION SYSTEM RECOVERY AND RECONSTITUTION | LOW | P1 | Contingency Planning |
| IA-1 | IDENTIFICATION AND AUTHENTICATION POLICY AND PROCEDURES | LOW | P1 | Identification And Authentication |
| IA-2 | IDENTIFICATION AND AUTHENTICATION (ORGANIZATIONAL USERS) | LOW | P1 | Identification And Authentication |
| IA-4 | IDENTIFIER MANAGEMENT | LOW | P1 | Identification And Authentication |
| IA-5 | AUTHENTICATOR MANAGEMENT | LOW | P1 | Identification And Authentication |
| IA-6 | AUTHENTICATOR FEEDBACK | LOW | P2 | Identification And Authentication |
| IA-7 | CRYPTOGRAPHIC MODULE AUTHENTICATION | LOW | P1 | Identification And Authentication |
| IA-8 | IDENTIFICATION AND AUTHENTICATION (NON-ORGANIZATIONAL USERS) | LOW | P1 | Identification And Authentication |
| IR-1 | INCIDENT RESPONSE POLICY AND PROCEDURES | LOW | P1 | Incident Response |
| IR-2 | INCIDENT RESPONSE TRAINING | LOW | P2 | Incident Response |
| IR-4 | INCIDENT HANDLING | LOW | P1 | Incident Response |
| IR-5 | INCIDENT MONITORING | LOW | P1 | Incident Response |
| IR-6 | INCIDENT REPORTING | LOW | P1 | Incident Response |
| IR-7 | INCIDENT RESPONSE ASSISTANCE | LOW | P2 | Incident Response |
| IR-8 | INCIDENT RESPONSE PLAN | LOW | P1 | Incident Response |
| MA-1 | SYSTEM MAINTENANCE POLICY AND PROCEDURES | LOW | P1 | Maintenance |
| MA-2 | CONTROLLED MAINTENANCE | LOW | P2 | Maintenance |
| MA-4 | NONLOCAL MAINTENANCE | LOW | P2 | Maintenance |
| MA-5 | MAINTENANCE PERSONNEL | LOW | P2 | Maintenance |
| MP-1 | MEDIA PROTECTION POLICY AND PROCEDURES | LOW | P1 | Media Protection |
| MP-2 | MEDIA ACCESS | LOW | P1 | Media Protection |
| MP-6 | MEDIA SANITIZATION | LOW | P1 | Media Protection |
| MP-7 | MEDIA USE | LOW | P1 | Media Protection |
| PE-1 | PHYSICAL AND ENVIRONMENTAL PROTECTION POLICY AND PROCEDURES | LOW | P1 | Physical And Environmental Protection |
| PE-2 | PHYSICAL ACCESS AUTHORIZATIONS | LOW | P1 | Physical And Environmental Protection |
| PE-3 | PHYSICAL ACCESS CONTROL | LOW | P1 | Physical And Environmental Protection |
| PE-6 | MONITORING PHYSICAL ACCESS | LOW | P1 | Physical And Environmental Protection |
| PE-8 | VISITOR ACCESS RECORDS | LOW | P3 | Physical And Environmental Protection |
| PE-12 | EMERGENCY LIGHTING | LOW | P1 | Physical And Environmental Protection |
| PE-13 | FIRE PROTECTION | LOW | P1 | Physical And Environmental Protection |
| PE-14 | TEMPERATURE AND HUMIDITY CONTROLS | LOW | P1 | Physical And Environmental Protection |
| PE-15 | WATER DAMAGE PROTECTION | LOW | P1 | Physical And Environmental Protection |
| PE-16 | DELIVERY AND REMOVAL | LOW | P2 | Physical And Environmental Protection |
| PL-1 | SECURITY PLANNING POLICY AND PROCEDURES | LOW | P1 | Planning |
| PL-2 | SYSTEM SECURITY PLAN | LOW | P1 | Planning |
| PL-4 | RULES OF BEHAVIOR | LOW | P2 | Planning |
| PS-1 | PERSONNEL SECURITY POLICY AND PROCEDURES | LOW | P1 | Personnel Security |
| PS-2 | POSITION RISK DESIGNATION | LOW | P1 | Personnel Security |
| PS-3 | PERSONNEL SCREENING | LOW | P1 | Personnel Security |
| PS-4 | PERSONNEL TERMINATION | LOW | P1 | Personnel Security |
| PS-5 | PERSONNEL TRANSFER | LOW | P2 | Personnel Security |
| PS-6 | ACCESS AGREEMENTS | LOW | P3 | Personnel Security |
| PS-7 | THIRD-PARTY PERSONNEL SECURITY | LOW | P1 | Personnel Security |
| PS-8 | PERSONNEL SANCTIONS | LOW | P3 | Personnel Security |
| RA-1 | RISK ASSESSMENT POLICY AND PROCEDURES | LOW | P1 | Risk Assessment |
| RA-2 | SECURITY CATEGORIZATION | LOW | P1 | Risk Assessment |
| RA-3 | RISK ASSESSMENT | LOW | P1 | Risk Assessment |
| RA-5 | VULNERABILITY SCANNING | LOW | P1 | Risk Assessment |
| SA-1 | SYSTEM AND SERVICES ACQUISITION POLICY AND PROCEDURES | LOW | P1 | System And Services Acquisition |
| SA-2 | ALLOCATION OF RESOURCES | LOW | P1 | System And Services Acquisition |
| SA-3 | SYSTEM DEVELOPMENT LIFE CYCLE | LOW | P1 | System And Services Acquisition |
| SA-4 | ACQUISITION PROCESS | LOW | P1 | System And Services Acquisition |
| SA-5 | INFORMATION SYSTEM DOCUMENTATION | LOW | P2 | System And Services Acquisition |
| SA-9 | EXTERNAL INFORMATION SYSTEM SERVICES | LOW | P1 | System And Services Acquisition |
| SC-1 | SYSTEM AND COMMUNICATIONS PROTECTION POLICY AND PROCEDURES | LOW | P1 | System And Communications Protection |
| SC-5 | DENIAL OF SERVICE PROTECTION | LOW | P1 | System And Communications Protection |
| SC-7 | BOUNDARY PROTECTION | LOW | P1 | System And Communications Protection |
| SC-12 | CRYPTOGRAPHIC KEY ESTABLISHMENT AND MANAGEMENT | LOW | P1 | System And Communications Protection |
| SC-13 | CRYPTOGRAPHIC PROTECTION | LOW | P1 | System And Communications Protection |
| SC-15 | COLLABORATIVE COMPUTING DEVICES | LOW | P1 | System And Communications Protection |
| SC-20 | SECURE NAME / ADDRESS RESOLUTION SERVICE (AUTHORITATIVE SOURCE) | LOW | P1 | System And Communications Protection |
| SC-21 | SECURE NAME / ADDRESS RESOLUTION SERVICE (RECURSIVE OR CACHING RESOLVER) | LOW | P1 | System And Communications Protection |
| SC-22 | ARCHITECTURE AND PROVISIONING FOR NAME / ADDRESS RESOLUTION SERVICE | LOW | P1 | System And Communications Protection |
| SC-39 | PROCESS ISOLATION | LOW | P1 | System And Communications Protection |
| SI-1 | SYSTEM AND INFORMATION INTEGRITY POLICY AND PROCEDURES | LOW | P1 | System And Information Integrity |
| SI-2 | FLAW REMEDIATION | LOW | P1 | System And Information Integrity |
| SI-3 | MALICIOUS CODE PROTECTION | LOW | P1 | System And Information Integrity |
| SI-4 | INFORMATION SYSTEM MONITORING | LOW | P1 | System And Information Integrity |
| SI-5 | SECURITY ALERTS, ADVISORIES, AND DIRECTIVES | LOW | P1 | System And Information Integrity |
| SI-12 | INFORMATION HANDLING AND RETENTION | LOW | P2 | System And Information Integrity |

 

| Num. | Title | Impact | Priority | Subject Area |
|------|-------|--------|----------|--------------|
| AC-4 | INFORMATION FLOW ENFORCEMENT | MODERATE | P1 | Access Control |
| AC-5 | SEPARATION OF DUTIES | MODERATE | P1 | Access Control |
| AC-6 | LEAST PRIVILEGE | MODERATE | P1 | Access Control |
| AC-11 | SESSION LOCK | MODERATE | P3 | Access Control |
| AC-12 | SESSION TERMINATION | MODERATE | P2 | Access Control |
| AC-21 | INFORMATION SHARING | MODERATE | P2 | Access Control |
| AU-7 | AUDIT REDUCTION AND REPORT GENERATION | MODERATE | P2 | Audit And Accountability |
| CM-3 | CONFIGURATION CHANGE CONTROL | MODERATE | P1 | Configuration Management |
| CM-5 | ACCESS RESTRICTIONS FOR CHANGE | MODERATE | P1 | Configuration Management |
| CM-9 | CONFIGURATION MANAGEMENT PLAN | MODERATE | P1 | Configuration Management |
| CP-6 | ALTERNATE STORAGE SITE | MODERATE | P1 | Contingency Planning |
| CP-7 | ALTERNATE PROCESSING SITE | MODERATE | P1 | Contingency Planning |
| CP-8 | TELECOMMUNICATIONS SERVICES | MODERATE | P1 | Contingency Planning |
| IA-3 | DEVICE IDENTIFICATION AND AUTHENTICATION | MODERATE | P1 | Identification And Authentication |
| IR-3 | INCIDENT RESPONSE TESTING | MODERATE | P2 | Incident Response |
| MA-3 | MAINTENANCE TOOLS | MODERATE | P3 | Maintenance |
| MA-6 | TIMELY MAINTENANCE | MODERATE | P2 | Maintenance |
| MP-3 | MEDIA MARKING | MODERATE | P2 | Media Protection |
| MP-4 | MEDIA STORAGE | MODERATE | P1 | Media Protection |
| MP-5 | MEDIA TRANSPORT | MODERATE | P1 | Media Protection |
| PE-4 | ACCESS CONTROL FOR TRANSMISSION MEDIUM | MODERATE | P1 | Physical And Environmental Protection |
| PE-5 | ACCESS CONTROL FOR OUTPUT DEVICES | MODERATE | P2 | Physical And Environmental Protection |
| PE-9 | POWER EQUIPMENT AND CABLING | MODERATE | P1 | Physical And Environmental Protection |
| PE-10 | EMERGENCY SHUTOFF | MODERATE | P1 | Physical And Environmental Protection |
| PE-11 | EMERGENCY POWER | MODERATE | P1 | Physical And Environmental Protection |
| PE-17 | ALTERNATE WORK SITE | MODERATE | P2 | Physical And Environmental Protection |
| PL-8 | INFORMATION SECURITY ARCHITECTURE | MODERATE | P1 | Planning |
| SA-8 | SECURITY ENGINEERING PRINCIPLES | MODERATE | P1 | System And Services Acquisition |
| SA-10 | DEVELOPER CONFIGURATION MANAGEMENT | MODERATE | P1 | System And Services Acquisition |
| SA-11 | DEVELOPER SECURITY TESTING AND EVALUATION | MODERATE | P1 | System And Services Acquisition |
| SC-2 | APPLICATION PARTITIONING | MODERATE | P1 | System And Communications Protection |
| SC-4 | INFORMATION IN SHARED RESOURCES | MODERATE | P1 | System And Communications Protection |
| SC-8 | TRANSMISSION CONFIDENTIALITY AND INTEGRITY | MODERATE | P1 | System And Communications Protection |
| SC-10 | NETWORK DISCONNECT | MODERATE | P2 | System And Communications Protection |
| SC-17 | PUBLIC KEY INFRASTRUCTURE CERTIFICATES | MODERATE | P1 | System And Communications Protection |
| SC-18 | MOBILE CODE | MODERATE | P2 | System And Communications Protection |
| SC-19 | VOICE OVER INTERNET PROTOCOL | MODERATE | P1 | System And Communications Protection |
| SC-23 | SESSION AUTHENTICITY | MODERATE | P1 | System And Communications Protection |
| SC-28 | PROTECTION OF INFORMATION AT REST | MODERATE | P1 | System And Communications Protection |
| SI-7 | SOFTWARE, FIRMWARE, AND INFORMATION INTEGRITY | MODERATE | P1 | System And Information Integrity |
| SI-8 | SPAM PROTECTION | MODERATE | P2 | System And Information Integrity |
| SI-10 | INFORMATION INPUT VALIDATION | MODERATE | P1 | System And Information Integrity |
| SI-11 | ERROR HANDLING | MODERATE | P2 | System And Information Integrity |
| SI-16 | MEMORY PROTECTION | MODERATE | P1 | System And Information Integrity |

 


| Num. | Title | Impact | Priority | Subject Area |
|------|-------|--------|----------|--------------|
| AC-10 | CONCURRENT SESSION CONTROL | HIGH | P3 | Access Control |
| AU-10 | NON-REPUDIATION | HIGH | P2 | Audit And Accountability |
| CA-8 | PENETRATION TESTING | HIGH | P2 | Security Assessment And Authorization |
| PE-18 | LOCATION OF INFORMATION SYSTEM COMPONENTS | HIGH | P3 | Physical And Environmental Protection |
| SA-12 | SUPPLY CHAIN PROTECTION | HIGH | P1 | System And Services Acquisition |
| SA-15 | DEVELOPMENT PROCESS, STANDARDS, AND TOOLS | HIGH | P2 | System And Services Acquisition |
| SA-16 | DEVELOPER-PROVIDED TRAINING | HIGH | P2 | System And Services Acquisition |
| SA-17 | DEVELOPER SECURITY ARCHITECTURE AND DESIGN | HIGH | P1 | System And Services Acquisition |
| SC-3 | SECURITY FUNCTION ISOLATION | HIGH | P1 | System And Communications Protection |
| SC-24 | FAIL IN KNOWN STATE | HIGH | P1 | System And Communications Protection |
| SI-6 | SECURITY FUNCTION VERIFICATION | HIGH | P1 | System And Information Integrity |

 



| Num. | Title | Impact | Priority | Subject Area |
|------|-------|--------|----------|--------------|
| AC-9 | PREVIOUS LOGON (ACCESS) NOTIFICATION | | P0 | Access Control |
| AC-13 | SUPERVISION AND REVIEW – ACCESS CONTROL | | | Access Control |
| AC-15 | AUTOMATED MARKING | | | Access Control |
| AC-16 | SECURITY ATTRIBUTES | | P0 | Access Control |
| AC-23 | DATA MINING PROTECTION | | P0 | Access Control |
| AC-24 | ACCESS CONTROL DECISIONS | | P0 | Access Control |
| AC-25 | REFERENCE MONITOR | | P0 | Access Control |
| AT-5 | CONTACTS WITH SECURITY GROUPS AND ASSOCIATIONS | | | Awareness And Training |
| AU-13 | MONITORING FOR INFORMATION DISCLOSURE | | P0 | Audit And Accountability |
| AU-14 | SESSION AUDIT | | P0 | Audit And Accountability |
| AU-15 | ALTERNATE AUDIT CAPABILITY | | P0 | Audit And Accountability |
| AU-16 | CROSS-ORGANIZATIONAL AUDITING | | P0 | Audit And Accountability |
| CA-4 | SECURITY CERTIFICATION | | | Security Assessment And Authorization |
| CP-5 | CONTINGENCY PLAN UPDATE | | | Contingency Planning |
| CP-11 | ALTERNATE COMMUNICATIONS PROTOCOLS | | P0 | Contingency Planning |
| CP-12 | SAFE MODE | | P0 | Contingency Planning |
| CP-13 | ALTERNATIVE SECURITY MECHANISMS | | P0 | Contingency Planning |
| IA-9 | SERVICE IDENTIFICATION AND AUTHENTICATION | | P0 | Identification And Authentication |
| IA-10 | ADAPTIVE IDENTIFICATION AND AUTHENTICATION | | P0 | Identification And Authentication |
| IA-11 | RE-AUTHENTICATION | | P0 | Identification And Authentication |
| IR-9 | INFORMATION SPILLAGE RESPONSE | | P0 | Incident Response |
| IR-10 | INTEGRATED INFORMATION SECURITY ANALYSIS TEAM | | P0 | Incident Response |
| MP-8 | MEDIA DOWNGRADING | | P0 | Media Protection |
| PE-7 | VISITOR CONTROL | | | Physical And Environmental Protection |
| PE-19 | INFORMATION LEAKAGE | | P0 | Physical And Environmental Protection |
| PE-20 | ASSET MONITORING AND TRACKING | | P0 | Physical And Environmental Protection |
| PL-3 | SYSTEM SECURITY PLAN UPDATE | | | Planning |
| PL-5 | PRIVACY IMPACT ASSESSMENT | | | Planning |
| PL-6 | SECURITY-RELATED ACTIVITY PLANNING | | | Planning |
| PL-7 | SECURITY CONCEPT OF OPERATIONS | | P0 | Planning |
| PL-9 | CENTRAL MANAGEMENT | | P0 | Planning |
| RA-4 | RISK ASSESSMENT UPDATE | | | Risk Assessment |
| RA-6 | TECHNICAL SURVEILLANCE COUNTERMEASURES SURVEY | | P0 | Risk Assessment |
| SA-6 | SOFTWARE USAGE RESTRICTIONS | | | System And Services Acquisition |
| SA-7 | USER-INSTALLED SOFTWARE | | | System And Services Acquisition |
| SA-13 | TRUSTWORTHINESS | | P0 | System And Services Acquisition |
| SA-14 | CRITICALITY ANALYSIS | | P0 | System And Services Acquisition |
| SA-18 | TAMPER RESISTANCE AND DETECTION | | P0 | System And Services Acquisition |
| SA-19 | COMPONENT AUTHENTICITY | | P0 | System And Services Acquisition |
| SA-20 | CUSTOMIZED DEVELOPMENT OF CRITICAL COMPONENTS | | P0 | System And Services Acquisition |
| SA-21 | DEVELOPER SCREENING | | P0 | System And Services Acquisition |
| SA-22 | UNSUPPORTED SYSTEM COMPONENTS | | P0 | System And Services Acquisition |
| SC-6 | RESOURCE AVAILABILITY | | P0 | System And Communications Protection |
| SC-9 | TRANSMISSION CONFIDENTIALITY | | | System And Communications Protection |
| SC-11 | TRUSTED PATH | | P0 | System And Communications Protection |
| SC-14 | PUBLIC ACCESS PROTECTIONS | | | System And Communications Protection |
| SC-16 | TRANSMISSION OF SECURITY ATTRIBUTES | | P0 | System And Communications Protection |
| SC-25 | THIN NODES | | P0 | System And Communications Protection |
| SC-26 | HONEYPOTS | | P0 | System And Communications Protection |
| SC-27 | PLATFORM-INDEPENDENT APPLICATIONS | | P0 | System And Communications Protection |
| SC-29 | HETEROGENEITY | | P0 | System And Communications Protection |
| SC-30 | CONCEALMENT AND MISDIRECTION | | P0 | System And Communications Protection |
| SC-31 | COVERT CHANNEL ANALYSIS | | P0 | System And Communications Protection |
| SC-32 | INFORMATION SYSTEM PARTITIONING | | P0 | System And Communications Protection |
| SC-33 | TRANSMISSION PREPARATION INTEGRITY | | | System And Communications Protection |
| SC-34 | NON-MODIFIABLE EXECUTABLE PROGRAMS | | P0 | System And Communications Protection |
| SC-35 | HONEYCLIENTS | | P0 | System And Communications Protection |
| SC-36 | DISTRIBUTED PROCESSING AND STORAGE | | P0 | System And Communications Protection |
| SC-37 | OUT-OF-BAND CHANNELS | | P0 | System And Communications Protection |
| SC-38 | OPERATIONS SECURITY | | P0 | System And Communications Protection |
| SC-40 | WIRELESS LINK PROTECTION | | P0 | System And Communications Protection |
| SC-41 | PORT AND I/O DEVICE ACCESS | | P0 | System And Communications Protection |
| SC-42 | SENSOR CAPABILITY AND DATA | | P0 | System And Communications Protection |
| SC-43 | USAGE RESTRICTIONS | | P0 | System And Communications Protection |
| SC-44 | DETONATION CHAMBERS | | P0 | System And Communications Protection |
| SI-9 | INFORMATION INPUT RESTRICTIONS | | | System And Information Integrity |
| SI-13 | PREDICTABLE FAILURE PREVENTION | | P0 | System And Information Integrity |
| SI-14 | NON-PERSISTENCE | | P0 | System And Information Integrity |
| SI-15 | INFORMATION OUTPUT FILTERING | | P0 | System And Information Integrity |
| SI-17 | FAIL-SAFE PROCEDURES | | P0 | System And Information Integrity |
| PM-1 | INFORMATION SECURITY PROGRAM PLAN | | | Program Management |
| PM-2 | SENIOR INFORMATION SECURITY OFFICER | | | Program Management |
| PM-3 | INFORMATION SECURITY RESOURCES | | | Program Management |
| PM-4 | PLAN OF ACTION AND MILESTONES PROCESS | | | Program Management |
| PM-5 | INFORMATION SYSTEM INVENTORY | | | Program Management |
| PM-6 | INFORMATION SECURITY MEASURES OF PERFORMANCE | | | Program Management |
| PM-7 | ENTERPRISE ARCHITECTURE | | | Program Management |
| PM-8 | CRITICAL INFRASTRUCTURE PLAN | | | Program Management |
| PM-9 | RISK MANAGEMENT STRATEGY | | | Program Management |
| PM-10 | SECURITY AUTHORIZATION PROCESS | | | Program Management |
| PM-11 | MISSION/BUSINESS PROCESS DEFINITION | | | Program Management |
| PM-12 | INSIDER THREAT PROGRAM | | | Program Management |
| PM-13 | INFORMATION SECURITY WORKFORCE | | | Program Management |
| PM-14 | TESTING, TRAINING, AND MONITORING | | | Program Management |
| PM-15 | CONTACTS WITH SECURITY GROUPS AND ASSOCIATIONS | | | Program Management |
| PM-16 | THREAT AWARENESS PROGRAM | | | Program Management |

 
