08.02 Control Catalog

We're on control catalog release 08.02 at the moment, and things have stabilised for this release. The whole control catalog is now in place, but we have ideas to enhance and refine the control format during 2009 or so, so please keep checking back. Of course we'd welcome any comments or ideas you may have.

Controls are based on NIST 800-53, and there is a mapping to ISO17799 and COBIT 4.1, with ISO 27002 and PCI DSS available soon.

Using the filter gives you a quick way to hunt through the catalog, e.g. entering 'PS-' lists every control in the Personnel Security family.

# Article Title Hits
1 08-02 All Controls 1559
2 08-02 Control mapping (NIST 800-53 vs ISO 17799 vs COBIT 4.1) 7901
3 08-02 Controls catalog SQL export 415
4 AC-01 Access Control Policies and Procedures 4356
5 AC-02 Account Management 1851
6 AC-03 Access Enforcement 2022
7 AC-04 Information Flow Enforcement 2438
8 AC-05 Separation Of Duties 1347
9 AC-06 Least Privilege 1266
10 AC-07 Unsuccessful Login Attempts 1284
11 AC-08 System Use Notification 1042
12 AC-09 Previous Logon Notification 1744
13 AC-10 Concurrent Session Control 1166
14 AC-11 Session Lock 1142
15 AC-12 Session Termination 1006
16 AC-13 Supervision And Review -- Access Control 803
17 AC-14 Permitted Actions Without Identification Or Authentication 693
18 AC-15 Automated Marking 753
19 AC-16 Automated Labeling 659
20 AC-17 Remote Access 937
21 AC-18 Wireless Access Restrictions 826
22 AC-19 Access Control For Portable And Mobile Devices 936
23 AC-20 Use Of External Information Systems 744
24 AT-01 Security Awareness And Training Policy And Procedures 1117
25 AT-02 Security Awareness 1202
26 AT-03 Security Training 1181
27 AT-04 Security Training Records 846
28 AT-05 Contacts With Security Groups And Associations 604
29 AU-01 Audit And Accountability Policy And Procedures 1248
30 AU-02 Auditable Events 1360
31 AU-03 Content Of Audit Records 1043
32 AU-04 Audit Storage Capacity 908
33 AU-05 Response To Audit Processing Failures 964
34 AU-06 Audit Monitoring, Analysis, And Reporting 1536
35 AU-07 Audit Reduction And Report Generation 1329
36 AU-08 Time Stamps 880
37 AU-09 Protection Of Audit Information 904
38 AU-10 Non-Repudiation 933
39 AU-11 Audit Record Retention 972
40 CA-01 Certification, Accreditation, And Security Assessment Policies And Procedures 1056
41 CA-02 Security Assessments 1341
42 CA-03 Information System Connections 752
43 CA-04 Security Certification 1120
44 CA-05 Plan Of Action And Milestones 900
45 CA-06 Security Accreditation 908
46 CA-07 Continuous Monitoring 1131
47 CM-01 Configuration Management Policy And Procedures 1202
48 CM-02 Baseline Configuration 1487
49 CM-03 Configuration Change Control 1100
50 CM-04 Monitoring Configuration Changes 939
51 CM-05 Access Restrictions For Change 1079
52 CM-06 Configuration Settings 885
53 CM-07 Least Functionality 1097
54 CM-08 Information System Component Inventory 965
55 CP-01 Contingency Planning Policy And Procedures 611
56 CP-02 Contingency Plan 814
57 CP-03 Contingency Training 777
58 CP-04 Contingency Plan Testing And Exercises 878
59 CP-05 Contingency Plan Update 704
60 CP-06 Alternate Storage Site 733
61 CP-07 Alternate Processing Site 798
62 CP-08 Telecommunications Services 545
63 CP-09 Information System Backup 937
64 CP-10 Information System Recovery And Reconstitution 944
65 IA-01 Identification And Authentication Policy And Procedures 1227
66 IA-02 User Identification And Authentication 1603
67 IA-03 Device Identification And Authentication 1041
68 IA-04 Identifier Management 625
69 IA-05 Authenticator Management 637
70 IA-06 Authenticator Feedback 823
71 IA-07 Cryptographic Module Authentication 1196
72 IR-01 Incident Response Policy And Procedures 671
73 IR-02 Incident Response Training 875
74 IR-03 Incident Response Testing And Exercises 1049
75 IR-04 Incident Handling 873
76 IR-05 Incident Monitoring 811
77 IR-06 Incident Reporting 855
78 IR-07 Incident Response Assistance 790
79 MA-01 System Maintenance Policy And Procedures 698
80 MA-02 Controlled Maintenance 909
81 MA-03 Maintenance Tools 756
82 MA-04 Remote Maintenance 851
83 MA-05 Maintenance Personnel 737
84 MA-06 Timely Maintenance 820
85 MP-01 Media Protection Policy And Procedures 837
86 MP-02 Media Access 794
87 MP-03 Media Labeling 570
88 MP-04 Media Storage 552
89 MP-05 Media Transport 539
90 MP-06 Media Sanitization And Disposal 517
91 PE-01 Physical And Environmental Protection Policy And Procedures 567
92 PE-02 Physical Access Authorizations 710
93 PE-03 Physical Access Control 739
94 PE-04 Access Control For Transmission Medium 503
95 PE-05 Access Control For Display Medium 663
96 PE-06 Monitoring Physical Access 735
97 PE-07 Visitor Control 496
98 PE-08 Access Records 481
99 PE-09 Power Equipment And Power Cabling 658
100 PE-10 Emergency Shutoff 649
101 PE-11 Emergency Power 620
102 PE-12 Emergency Lighting 638
103 PE-13 Fire Protection 599
104 PE-14 Temperature And Humidity Controls 606
105 PE-15 Water Damage Protection 606
106 PE-16 Delivery And Removal 613
107 PE-17 Alternate Work Site 450
108 PE-18 Location Of Information System Components 489
109 PE-19 Information Leakage 542
110 PL-01 Security Planning Policy And Procedures 802
111 PL-02 System Security Plan 901
112 PL-03 System Security Plan Update 454
113 PL-04 Rules Of Behavior 808
114 PL-05 Privacy Impact Assessment 536
115 PL-06 Security-Related Activity Planning 506
116 PS-01 Personnel Security Policy And Procedures 568
117 PS-02 Position Categorization 513
118 PS-03 Personnel Screening 487
119 PS-04 Personnel Termination 511
120 PS-05 Personnel Transfer 466
121 PS-06 Access Agreements 803
122 PS-07 Third-Party Personnel Security 633
123 PS-08 Personnel Sanctions 500
124 RA-01 Risk Assessment Policy And Procedures 734
125 RA-02 Security Categorization 835
126 RA-03 Risk Assessment 1108
127 RA-04 Risk Assessment Update 838
128 RA-05 Vulnerability Scanning 961
129 SA-01 System And Services Acquisition Policy And Procedures 772
130 SA-02 Allocation Of Resources 944
131 SA-03 Life Cycle Support 998
132 SA-04 Acquisitions 848
133 SA-05 Information System Documentation 1127
134 SA-06 Software Usage Restrictions 822
135 SA-07 User Installed Software 738
136 SA-08 Security Engineering Principles 1180
137 SA-09 External Information System Services 673
138 SA-10 Developer Configuration Management 783
139 SA-11 Developer Security Testing 764
140 SC-01 System And Communications Protection Policy And Procedures 799
141 SC-02 Application Partitioning 830
142 SC-03 Security Function Isolation 1107
143 SC-04 Information Remnance 1942
144 SC-05 Denial Of Service Protection 1134
145 SC-06 Resource Priority 780
146 SC-07 Boundary Protection 1060
147 SC-08 Transmission Integrity 1195
148 SC-09 Transmission Confidentiality 1140
149 SC-10 Network Disconnect 821
150 SC-11 Trusted Path 965
151 SC-12 Cryptographic Key Establishment And Management 903
152 SC-13 Use Of Cryptography 1104
153 SC-14 Public Access Protections 739
154 SC-15 Collaborative Computing 844
155 SC-16 Transmission Of Security Parameters 529
156 SC-17 Public Key Infrastructure Certificates 539
157 SC-18 Mobile Code 1037
158 SC-19 Voice Over Internet Protocol 537
159 SC-20 Secure Name / Address Resolution Service (Authoritative Source) 986
160 SC-21 Secure Name / Address Resolution Service (Recursive Or Caching Resolver) 548
161 SC-22 Architecture And Provisioning For Name / Address Resolution Service 480
162 SC-23 Session Authenticity 1215
163 SI-01 System And Information Integrity Policy And Procedures 733
164 SI-02 Flaw Remediation 1266
165 SI-03 Malicious Code Protection 1452
166 SI-04 Information System Monitoring Tools And Techniques 887
167 SI-05 Security Alerts And Advisories 900
168 SI-06 Security Functionality Verification 869
169 SI-07 Software And Information Integrity 853
170 SI-08 Spam Protection 496
171 SI-09 Information Input Restrictions 637
172 SI-10 Information Accuracy, Completeness, Validity, And Authenticity 1221
173 SI-11 Error Handling 909
174 SI-12 Information Output Handling And Retention 682