NIST 800-53 (Security and Privacy Controls for Information Systems and Organizations) Low, Medium, High Impact

Since NIST 800-53 was first introduced, the number of controls has greatly expanded; the initial version of 800-53 contained approximately 300 controls and NIST 800-53 rev 4 contains 965 controls. 

Note: 

1. ISO 27001(2013) is a management system that is comprised of 114 management controls. 

2. Formerly the SANS Critical Security Controls (SANS Top 20) these are now officially called the CIS Critical Security Controls (CIS Controls).CIS Controls Version 8 combines and consolidates the CIS Controls by activities, rather than by who manages the devices. Physical devices, fixed boundaries, and discrete islands of security implementation are less important; this is reflected in v8 through revised terminology and grouping of Safeguards, resulting in a decrease of the number of Controls from 20 to 18.

Despite the complexity, each NIST 800-53 revision makes the controls set increasingly valuable. As things like mobile, IoT, and cloud evolve, NIST continuously enhances 800-53 to make migration an ongoing requirement.

800-53 (Rev. 4) Security Control Catalog

• Low-Impact
• Moderate-Impact
• High-Impact

NIST Baseline Tailer

https://pages.nist.gov/sctools/bt.xml

Security Objectives / Impact / Required Security Controls

Impact	Confidentiality	Integrity	Availability
Low	Login Audit Encryption in transit Patch Management Centralized Authentication	Antivirus	Onsite Backup Change Control Patch Management Vulnerability Management SLAs
Moderate	Login Audit System Health Monitoring Encryption at rest Encryption in transit MFA Secure Delete DLP Patch Management Centralized Authentication Machine Authentication Role Based Authentication Network IDS Cloud Isolation	Antivirus File Integrity Monitoring	High Availability Onsite Backup Change Control Patch Management Vulnerability Management SLAs
High	Login Audit System Health Monitoring Encryption at rest Encryption in transit MFA Privileged Access Management Patch Management Machine authentication Host IDS Network IDS SSL Decryption Secure Delete DLP Penetration Testing Centralized Authentication Role Based Authentication Cloud Isolation	Antivirus File Integrity Monitoring	High Availability Onsite/Offsite Backup Scalability DR Site Change Control Patch Management Vulnerability Management DDoS Protection SLAs
The following list is showing those most common controls align with the impact level in 800-53. Impact / Required Security Controls (Based on 800-53)   Low Moderate High Access Control / Firewall       Account Management       Security Awareness Training       Security Assessment / Categorization       System Inventory       Key Protection / Management       DoS Protection       Remote Access from External Network  Monitoring, Managed, Privileged Commands Controlled and Documents,  Information Protected, Disabled non-secure network protocols Wireless Access Authentication, Encryption, Monitoring, (Restrict Users)   Physical Access Control       System Maintenance       Patch Management       System / Login Audit / Response       System Health, Usage Monitoring       Encryption in transit       System Hardening       Software Usage Restrictions       Antivirus/Antimalware       Vulnerability Scanning       Onsite Backup / Recovery       Alternate Storage Site & Backup / Recovery       Access / Configuration Change Control       Least Privilege       PKI Certificates       Anti-SPAM       Endpoints Advanced Threat Protection       Encryption at Rest       Device Identification &  Authentication       Network IDS       File Integrity Monitoring       Role-based Authentication       Centralized Authentication       Separation of Duties       DLP       Application Partitioning       Multi Factor Authentication       Secure Delete       Penetration Testing       Vulnerability Management       Supply Chain Protection       Network Segregation (DMZ, Subnets, Mgmt Interface)       DR Site       Privileged Access Management       SIEM       Host IDS

NIST SP 800-53 Full Control List

https://www.stigviewer.com/controls/800-53

NIST priorities are from P0 to P5, with P1 being the highest priority.  Generally 1-5 dictates the order in which the controls should be implemented.

There is a P0 – which is the lowest priority.

Num.	Title	Impact	Priority	Subject Area
AC-1	ACCESS CONTROL POLICY AND PROCEDURES	LOW	P1	Access Control
AC-2	ACCOUNT MANAGEMENT	LOW	P1	Access Control
AC-3	ACCESS ENFORCEMENT	LOW	P1	Access Control
AC-7	UNSUCCESSFUL LOGON ATTEMPTS	LOW	P2	Access Control
AC-8	SYSTEM USE NOTIFICATION	LOW	P1	Access Control
AC-14	PERMITTED ACTIONS WITHOUT IDENTIFICATION OR AUTHENTICATION	LOW	P3	Access Control
AC-17	REMOTE ACCESS	LOW	P1	Access Control
AC-18	WIRELESS ACCESS	LOW	P1	Access Control
AC-19	ACCESS CONTROL FOR MOBILE DEVICES	LOW	P1	Access Control
AC-20	USE OF EXTERNAL INFORMATION SYSTEMS	LOW	P1	Access Control
AC-22	PUBLICLY ACCESSIBLE CONTENT	LOW	P3	Access Control
AT-1	SECURITY AWARENESS AND TRAINING POLICY AND PROCEDURES	LOW	P1	Awareness And Training
AT-2	SECURITY AWARENESS TRAINING	LOW	P1	Awareness And Training
AT-3	ROLE-BASED SECURITY TRAINING	LOW	P1	Awareness And Training
AT-4	SECURITY TRAINING RECORDS	LOW	P3	Awareness And Training
AU-1	AUDIT AND ACCOUNTABILITY POLICY AND PROCEDURES	LOW	P1	Audit And Accountability
AU-2	AUDIT EVENTS	LOW	P1	Audit And Accountability
AU-3	CONTENT OF AUDIT RECORDS	LOW	P1	Audit And Accountability
AU-4	AUDIT STORAGE CAPACITY	LOW	P1	Audit And Accountability
AU-5	RESPONSE TO AUDIT PROCESSING FAILURES	LOW	P1	Audit And Accountability
AU-6	AUDIT REVIEW, ANALYSIS, AND REPORTING	LOW	P1	Audit And Accountability
AU-8	TIME STAMPS	LOW	P1	Audit And Accountability
AU-9	PROTECTION OF AUDIT INFORMATION	LOW	P1	Audit And Accountability
AU-11	AUDIT RECORD RETENTION	LOW	P3	Audit And Accountability
AU-12	AUDIT GENERATION	LOW	P1	Audit And Accountability
CA-1	SECURITY ASSESSMENT AND AUTHORIZATION POLICY AND PROCEDURES	LOW	P1	Security Assessment And Authorization
CA-2	SECURITY ASSESSMENTS	LOW	P2	Security Assessment And Authorization
CA-3	SYSTEM INTERCONNECTIONS	LOW	P1	Security Assessment And Authorization
CA-5	PLAN OF ACTION AND MILESTONES	LOW	P3	Security Assessment And Authorization
CA-6	SECURITY AUTHORIZATION	LOW	P2	Security Assessment And Authorization
CA-7	CONTINUOUS MONITORING	LOW	P2	Security Assessment And Authorization
CA-9	INTERNAL SYSTEM CONNECTIONS	LOW	P2	Security Assessment And Authorization
CM-1	CONFIGURATION MANAGEMENT POLICY AND PROCEDURES	LOW	P1	Configuration Management
CM-2	BASELINE CONFIGURATION	LOW	P1	Configuration Management
CM-4	SECURITY IMPACT ANALYSIS	LOW	P2	Configuration Management
CM-6	CONFIGURATION SETTINGS	LOW	P1	Configuration Management
CM-7	LEAST FUNCTIONALITY	LOW	P1	Configuration Management
CM-8	INFORMATION SYSTEM COMPONENT INVENTORY	LOW	P1	Configuration Management
CM-10	SOFTWARE USAGE RESTRICTIONS	LOW	P2	Configuration Management
CM-11	USER-INSTALLED SOFTWARE	LOW	P1	Configuration Management
CP-1	CONTINGENCY PLANNING POLICY AND PROCEDURES	LOW	P1	Contingency Planning
CP-2	CONTINGENCY PLAN	LOW	P1	Contingency Planning
CP-3	CONTINGENCY TRAINING	LOW	P2	Contingency Planning
CP-4	CONTINGENCY PLAN TESTING	LOW	P2	Contingency Planning
CP-9	INFORMATION SYSTEM BACKUP	LOW	P1	Contingency Planning
CP-10	INFORMATION SYSTEM RECOVERY AND RECONSTITUTION	LOW	P1	Contingency Planning
IA-1	IDENTIFICATION AND AUTHENTICATION POLICY AND PROCEDURES	LOW	P1	Identification And Authentication
IA-2	IDENTIFICATION AND AUTHENTICATION (ORGANIZATIONAL USERS)	LOW	P1	Identification And Authentication
IA-4	IDENTIFIER MANAGEMENT	LOW	P1	Identification And Authentication
IA-5	AUTHENTICATOR MANAGEMENT	LOW	P1	Identification And Authentication
IA-6	AUTHENTICATOR FEEDBACK	LOW	P2	Identification And Authentication
IA-7	CRYPTOGRAPHIC MODULE AUTHENTICATION	LOW	P1	Identification And Authentication
IA-8	IDENTIFICATION AND AUTHENTICATION (NON-ORGANIZATIONAL USERS)	LOW	P1	Identification And Authentication
IR-1	INCIDENT RESPONSE POLICY AND PROCEDURES	LOW	P1	Incident Response
IR-2	INCIDENT RESPONSE TRAINING	LOW	P2	Incident Response
IR-4	INCIDENT HANDLING	LOW	P1	Incident Response
IR-5	INCIDENT MONITORING	LOW	P1	Incident Response
IR-6	INCIDENT REPORTING	LOW	P1	Incident Response
IR-7	INCIDENT RESPONSE ASSISTANCE	LOW	P2	Incident Response
IR-8	INCIDENT RESPONSE PLAN	LOW	P1	Incident Response
MA-1	SYSTEM MAINTENANCE POLICY AND PROCEDURES	LOW	P1	Maintenance
MA-2	CONTROLLED MAINTENANCE	LOW	P2	Maintenance
MA-4	NONLOCAL MAINTENANCE	LOW	P2	Maintenance
MA-5	MAINTENANCE PERSONNEL	LOW	P2	Maintenance
MP-1	MEDIA PROTECTION POLICY AND PROCEDURES	LOW	P1	Media Protection
MP-2	MEDIA ACCESS	LOW	P1	Media Protection
MP-6	MEDIA SANITIZATION	LOW	P1	Media Protection
MP-7	MEDIA USE	LOW	P1	Media Protection
PE-1	PHYSICAL AND ENVIRONMENTAL PROTECTION POLICY AND PROCEDURES	LOW	P1	Physical And Environmental Protection
PE-2	PHYSICAL ACCESS AUTHORIZATIONS	LOW	P1	Physical And Environmental Protection
PE-3	PHYSICAL ACCESS CONTROL	LOW	P1	Physical And Environmental Protection
PE-6	MONITORING PHYSICAL ACCESS	LOW	P1	Physical And Environmental Protection
PE-8	VISITOR ACCESS RECORDS	LOW	P3	Physical And Environmental Protection
PE-12	EMERGENCY LIGHTING	LOW	P1	Physical And Environmental Protection
PE-13	FIRE PROTECTION	LOW	P1	Physical And Environmental Protection
PE-14	TEMPERATURE AND HUMIDITY CONTROLS	LOW	P1	Physical And Environmental Protection
PE-15	WATER DAMAGE PROTECTION	LOW	P1	Physical And Environmental Protection
PE-16	DELIVERY AND REMOVAL	LOW	P2	Physical And Environmental Protection
PL-1	SECURITY PLANNING POLICY AND PROCEDURES	LOW	P1	Planning
PL-2	SYSTEM SECURITY PLAN	LOW	P1	Planning
PL-4	RULES OF BEHAVIOR	LOW	P2	Planning
PS-1	PERSONNEL SECURITY POLICY AND PROCEDURES	LOW	P1	Personnel Security
PS-2	POSITION RISK DESIGNATION	LOW	P1	Personnel Security
PS-3	PERSONNEL SCREENING	LOW	P1	Personnel Security
PS-4	PERSONNEL TERMINATION	LOW	P1	Personnel Security
PS-5	PERSONNEL TRANSFER	LOW	P2	Personnel Security
PS-6	ACCESS AGREEMENTS	LOW	P3	Personnel Security
PS-7	THIRD-PARTY PERSONNEL SECURITY	LOW	P1	Personnel Security
PS-8	PERSONNEL SANCTIONS	LOW	P3	Personnel Security
RA-1	RISK ASSESSMENT POLICY AND PROCEDURES	LOW	P1	Risk Assessment
RA-2	SECURITY CATEGORIZATION	LOW	P1	Risk Assessment
RA-3	RISK ASSESSMENT	LOW	P1	Risk Assessment
RA-5	VULNERABILITY SCANNING	LOW	P1	Risk Assessment
SA-1	SYSTEM AND SERVICES ACQUISITION POLICY AND PROCEDURES	LOW	P1	System And Services Acquisition
SA-2	ALLOCATION OF RESOURCES	LOW	P1	System And Services Acquisition
SA-3	SYSTEM DEVELOPMENT LIFE CYCLE	LOW	P1	System And Services Acquisition
SA-4	ACQUISITION PROCESS	LOW	P1	System And Services Acquisition
SA-5	INFORMATION SYSTEM DOCUMENTATION	LOW	P2	System And Services Acquisition
SA-9	EXTERNAL INFORMATION SYSTEM SERVICES	LOW	P1	System And Services Acquisition
SC-1	SYSTEM AND COMMUNICATIONS PROTECTION POLICY AND PROCEDURES	LOW	P1	System And Communications Protection
SC-5	DENIAL OF SERVICE PROTECTION	LOW	P1	System And Communications Protection
SC-7	BOUNDARY PROTECTION	LOW	P1	System And Communications Protection
SC-12	CRYPTOGRAPHIC KEY ESTABLISHMENT AND MANAGEMENT	LOW	P1	System And Communications Protection
SC-13	CRYPTOGRAPHIC PROTECTION	LOW	P1	System And Communications Protection
SC-15	COLLABORATIVE COMPUTING DEVICES	LOW	P1	System And Communications Protection
SC-20	SECURE NAME / ADDRESS RESOLUTION SERVICE (AUTHORITATIVE SOURCE)	LOW	P1	System And Communications Protection
SC-21	SECURE NAME / ADDRESS RESOLUTION SERVICE (RECURSIVE OR CACHING RESOLVER)	LOW	P1	System And Communications Protection
SC-22	ARCHITECTURE AND PROVISIONING FOR NAME / ADDRESS RESOLUTION SERVICE	LOW	P1	System And Communications Protection
SC-39	PROCESS ISOLATION	LOW	P1	System And Communications Protection
SI-1	SYSTEM AND INFORMATION INTEGRITY POLICY AND PROCEDURES	LOW	P1	System And Information Integrity
SI-2	FLAW REMEDIATION	LOW	P1	System And Information Integrity
SI-3	MALICIOUS CODE PROTECTION	LOW	P1	System And Information Integrity
SI-4	INFORMATION SYSTEM MONITORING	LOW	P1	System And Information Integrity
SI-5	SECURITY ALERTS, ADVISORIES, AND DIRECTIVES	LOW	P1	System And Information Integrity
SI-12	INFORMATION HANDLING AND RETENTION	LOW	P2	System And Information Integrity

 

Num.	Title	Impact	Priority	Subject Area
AC-4	INFORMATION FLOW ENFORCEMENT	MODERATE	P1	Access Control
AC-5	SEPARATION OF DUTIES	MODERATE	P1	Access Control
AC-6	LEAST PRIVILEGE	MODERATE	P1	Access Control
AC-11	SESSION LOCK	MODERATE	P3	Access Control
AC-12	SESSION TERMINATION	MODERATE	P2	Access Control
AC-21	INFORMATION SHARING	MODERATE	P2	Access Control
AU-7	AUDIT REDUCTION AND REPORT GENERATION	MODERATE	P2	Audit And Accountability
CM-3	CONFIGURATION CHANGE CONTROL	MODERATE	P1	Configuration Management
CM-5	ACCESS RESTRICTIONS FOR CHANGE	MODERATE	P1	Configuration Management
CM-9	CONFIGURATION MANAGEMENT PLAN	MODERATE	P1	Configuration Management
CP-6	ALTERNATE STORAGE SITE	MODERATE	P1	Contingency Planning
CP-7	ALTERNATE PROCESSING SITE	MODERATE	P1	Contingency Planning
CP-8	TELECOMMUNICATIONS SERVICES	MODERATE	P1	Contingency Planning
IA-3	DEVICE IDENTIFICATION AND AUTHENTICATION	MODERATE	P1	Identification And Authentication
IR-3	INCIDENT RESPONSE TESTING	MODERATE	P2	Incident Response
MA-3	MAINTENANCE TOOLS	MODERATE	P3	Maintenance
MA-6	TIMELY MAINTENANCE	MODERATE	P2	Maintenance
MP-3	MEDIA MARKING	MODERATE	P2	Media Protection
MP-4	MEDIA STORAGE	MODERATE	P1	Media Protection
MP-5	MEDIA TRANSPORT	MODERATE	P1	Media Protection
PE-4	ACCESS CONTROL FOR TRANSMISSION MEDIUM	MODERATE	P1	Physical And Environmental Protection
PE-5	ACCESS CONTROL FOR OUTPUT DEVICES	MODERATE	P2	Physical And Environmental Protection
PE-9	POWER EQUIPMENT AND CABLING	MODERATE	P1	Physical And Environmental Protection
PE-10	EMERGENCY SHUTOFF	MODERATE	P1	Physical And Environmental Protection
PE-11	EMERGENCY POWER	MODERATE	P1	Physical And Environmental Protection
PE-17	ALTERNATE WORK SITE	MODERATE	P2	Physical And Environmental Protection
PL-8	INFORMATION SECURITY ARCHITECTURE	MODERATE	P1	Planning
SA-8	SECURITY ENGINEERING PRINCIPLES	MODERATE	P1	System And Services Acquisition
SA-10	DEVELOPER CONFIGURATION MANAGEMENT	MODERATE	P1	System And Services Acquisition
SA-11	DEVELOPER SECURITY TESTING AND EVALUATION	MODERATE	P1	System And Services Acquisition
SC-2	APPLICATION PARTITIONING	MODERATE	P1	System And Communications Protection
SC-4	INFORMATION IN SHARED RESOURCES	MODERATE	P1	System And Communications Protection
SC-8	TRANSMISSION CONFIDENTIALITY AND INTEGRITY	MODERATE	P1	System And Communications Protection
SC-10	NETWORK DISCONNECT	MODERATE	P2	System And Communications Protection
SC-17	PUBLIC KEY INFRASTRUCTURE CERTIFICATES	MODERATE	P1	System And Communications Protection
SC-18	MOBILE CODE	MODERATE	P2	System And Communications Protection
SC-19	VOICE OVER INTERNET PROTOCOL	MODERATE	P1	System And Communications Protection
SC-23	SESSION AUTHENTICITY	MODERATE	P1	System And Communications Protection
SC-28	PROTECTION OF INFORMATION AT REST	MODERATE	P1	System And Communications Protection
SI-7	SOFTWARE, FIRMWARE, AND INFORMATION INTEGRITY	MODERATE	P1	System And Information Integrity
SI-8	SPAM PROTECTION	MODERATE	P2	System And Information Integrity
SI-10	INFORMATION INPUT VALIDATION	MODERATE	P1	System And Information Integrity
SI-11	ERROR HANDLING	MODERATE	P2	System And Information Integrity
SI-16	MEMORY PROTECTION	MODERATE	P1	System And Information Integrity

 

Num.	Title	Impact	Priority	Subject Area
AC-10	CONCURRENT SESSION CONTROL	HIGH	P3	Access Control
AU-10	NON-REPUDIATION	HIGH	P2	Audit And Accountability
CA-8	PENETRATION TESTING	HIGH	P2	Security Assessment And Authorization
PE-18	LOCATION OF INFORMATION SYSTEM COMPONENTS	HIGH	P3	Physical And Environmental Protection
SA-12	SUPPLY CHAIN PROTECTION	HIGH	P1	System And Services Acquisition
SA-15	DEVELOPMENT PROCESS, STANDARDS, AND TOOLS	HIGH	P2	System And Services Acquisition
SA-16	DEVELOPER-PROVIDED TRAINING	HIGH	P2	System And Services Acquisition
SA-17	DEVELOPER SECURITY ARCHITECTURE AND DESIGN	HIGH	P1	System And Services Acquisition
SC-3	SECURITY FUNCTION ISOLATION	HIGH	P1	System And Communications Protection
SC-24	FAIL IN KNOWN STATE	HIGH	P1	System And Communications Protection
SI-6	SECURITY FUNCTION VERIFICATION	HIGH	P1	System And Information Integrity

 

Num.	Title	Impact	Priority	Subject Area
AC-9	PREVIOUS LOGON (ACCESS) NOTIFICATION		P0	Access Control
AC-13	SUPERVISION AND REVIEW � ACCESS CONTROL			Access Control
AC-15	AUTOMATED MARKING			Access Control
AC-16	SECURITY ATTRIBUTES		P0	Access Control
AC-23	DATA MINING PROTECTION		P0	Access Control
AC-24	ACCESS CONTROL DECISIONS		P0	Access Control
AC-25	REFERENCE MONITOR		P0	Access Control
AT-5	CONTACTS WITH SECURITY GROUPS AND ASSOCIATIONS			Awareness And Training
AU-13	MONITORING FOR INFORMATION DISCLOSURE		P0	Audit And Accountability
AU-14	SESSION AUDIT		P0	Audit And Accountability
AU-15	ALTERNATE AUDIT CAPABILITY		P0	Audit And Accountability
AU-16	CROSS-ORGANIZATIONAL AUDITING		P0	Audit And Accountability
CA-4	SECURITY CERTIFICATION			Security Assessment And Authorization
CP-5	CONTINGENCY PLAN UPDATE			Contingency Planning
CP-11	ALTERNATE COMMUNICATIONS PROTOCOLS		P0	Contingency Planning
CP-12	SAFE MODE		P0	Contingency Planning
CP-13	ALTERNATIVE SECURITY MECHANISMS		P0	Contingency Planning
IA-9	SERVICE IDENTIFICATION AND AUTHENTICATION		P0	Identification And Authentication
IA-10	ADAPTIVE IDENTIFICATION AND AUTHENTICATION		P0	Identification And Authentication
IA-11	RE-AUTHENTICATION		P0	Identification And Authentication
IR-9	INFORMATION SPILLAGE RESPONSE		P0	Incident Response
IR-10	INTEGRATED INFORMATION SECURITY ANALYSIS TEAM		P0	Incident Response
MP-8	MEDIA DOWNGRADING		P0	Media Protection
PE-7	VISITOR CONTROL			Physical And Environmental Protection
PE-19	INFORMATION LEAKAGE		P0	Physical And Environmental Protection
PE-20	ASSET MONITORING AND TRACKING		P0	Physical And Environmental Protection
PL-3	SYSTEM SECURITY PLAN UPDATE			Planning
PL-5	PRIVACY IMPACT ASSESSMENT			Planning
PL-6	SECURITY-RELATED ACTIVITY PLANNING			Planning
PL-7	SECURITY CONCEPT OF OPERATIONS		P0	Planning
PL-9	CENTRAL MANAGEMENT		P0	Planning
RA-4	RISK ASSESSMENT UPDATE			Risk Assessment
RA-6	TECHNICAL SURVEILLANCE COUNTERMEASURES SURVEY		P0	Risk Assessment
SA-6	SOFTWARE USAGE RESTRICTIONS			System And Services Acquisition
SA-7	USER-INSTALLED SOFTWARE			System And Services Acquisition
SA-13	TRUSTWORTHINESS		P0	System And Services Acquisition
SA-14	CRITICALITY ANALYSIS		P0	System And Services Acquisition
SA-18	TAMPER RESISTANCE AND DETECTION		P0	System And Services Acquisition
SA-19	COMPONENT AUTHENTICITY		P0	System And Services Acquisition
SA-20	CUSTOMIZED DEVELOPMENT OF CRITICAL COMPONENTS		P0	System And Services Acquisition
SA-21	DEVELOPER SCREENING		P0	System And Services Acquisition
SA-22	UNSUPPORTED SYSTEM COMPONENTS		P0	System And Services Acquisition
SC-6	RESOURCE AVAILABILITY		P0	System And Communications Protection
SC-9	TRANSMISSION CONFIDENTIALITY			System And Communications Protection
SC-11	TRUSTED PATH		P0	System And Communications Protection
SC-14	PUBLIC ACCESS PROTECTIONS			System And Communications Protection
SC-16	TRANSMISSION OF SECURITY ATTRIBUTES		P0	System And Communications Protection
SC-25	THIN NODES		P0	System And Communications Protection
SC-26	HONEYPOTS		P0	System And Communications Protection
SC-27	PLATFORM-INDEPENDENT APPLICATIONS		P0	System And Communications Protection
SC-29	HETEROGENEITY		P0	System And Communications Protection
SC-30	CONCEALMENT AND MISDIRECTION		P0	System And Communications Protection
SC-31	COVERT CHANNEL ANALYSIS		P0	System And Communications Protection
SC-32	INFORMATION SYSTEM PARTITIONING		P0	System And Communications Protection
SC-33	TRANSMISSION PREPARATION INTEGRITY			System And Communications Protection
SC-34	NON-MODIFIABLE EXECUTABLE PROGRAMS		P0	System And Communications Protection
SC-35	HONEYCLIENTS		P0	System And Communications Protection
SC-36	DISTRIBUTED PROCESSING AND STORAGE		P0	System And Communications Protection
SC-37	OUT-OF-BAND CHANNELS		P0	System And Communications Protection
SC-38	OPERATIONS SECURITY		P0	System And Communications Protection
SC-40	WIRELESS LINK PROTECTION		P0	System And Communications Protection
SC-41	PORT AND I/O DEVICE ACCESS		P0	System And Communications Protection
SC-42	SENSOR CAPABILITY AND DATA		P0	System And Communications Protection
SC-43	USAGE RESTRICTIONS		P0	System And Communications Protection
SC-44	DETONATION CHAMBERS		P0	System And Communications Protection
SI-9	INFORMATION INPUT RESTRICTIONS			System And Information Integrity
SI-13	PREDICTABLE FAILURE PREVENTION		P0	System And Information Integrity
SI-14	NON-PERSISTENCE		P0	System And Information Integrity
SI-15	INFORMATION OUTPUT FILTERING		P0	System And Information Integrity
SI-17	FAIL-SAFE PROCEDURES		P0	System And Information Integrity
PM-1	INFORMATION SECURITY PROGRAM PLAN			Program Management
PM-2	SENIOR INFORMATION SECURITY OFFICER			Program Management
PM-3	INFORMATION SECURITY RESOURCES			Program Management
PM-4	PLAN OF ACTION AND MILESTONES PROCESS			Program Management
PM-5	INFORMATION SYSTEM INVENTORY			Program Management
PM-6	INFORMATION SECURITY MEASURES OF PERFORMANCE			Program Management
PM-7	ENTERPRISE ARCHITECTURE			Program Management
PM-8	CRITICAL INFRASTRUCTURE PLAN			Program Management
PM-9	RISK MANAGEMENT STRATEGY			Program Management
PM-10	SECURITY AUTHORIZATION PROCESS			Program Management
PM-11	MISSION/BUSINESS PROCESS DEFINITION			Program Management
PM-12	INSIDER THREAT PROGRAM			Program Management
PM-13	INFORMATION SECURITY WORKFORCE			Program Management
PM-14	TESTING, TRAINING, AND MONITORING			Program Management
PM-15	CONTACTS WITH SECURITY GROUPS AND ASSOCIATIONS			Program Management
PM-16	THREAT AWARENESS PROGRAM			Program Management