11.02 Control Catalog

The control catalog is currently at release 11.02, and this release has stabilised. The whole catalog is now in place; during 2012 we plan to enhance and refine the control format to align it with the latest release of NIST SP 800-53. Comments and ideas are welcome.

Controls are based on NIST SP 800-53, with a mapping to ISO 17799 and COBIT 4.1; mappings to ISO 27002 and PCI DSS will be available soon.

The title filter gives you a quick way to search the catalog by control identifier: entering the family prefix, e.g. 'PS-', lists every control in the Personnel Security family.

ID     Title

13-05  All Controls
13-05  Control mapping (NIST 800-53 vs ISO 17799 / PCI-DSS v2 / COBIT 4.1)
13-05  Controls catalog SQL export

AC - Access Control
AC-01  Access Control Policies and Procedures
AC-02  Account Management
AC-03  Access Enforcement
AC-04  Information Flow Enforcement
AC-05  Separation Of Duties
AC-06  Least Privilege
AC-07  Unsuccessful Login Attempts
AC-08  System Use Notification
AC-09  Previous Logon Notification
AC-10  Concurrent Session Control
AC-11  Session Lock
AC-12  Session Termination
AC-13  Supervision And Review -- Access Control
AC-14  Permitted Actions Without Identification Or Authentication
AC-15  Automated Marking
AC-16  Automated Labeling
AC-17  Remote Access
AC-18  Wireless Access Restrictions
AC-19  Access Control For Portable And Mobile Devices
AC-20  Use Of External Information Systems

AT - Awareness and Training
AT-01  Security Awareness And Training Policy And Procedures
AT-02  Security Awareness
AT-03  Security Training
AT-04  Security Training Records
AT-05  Contacts With Security Groups And Associations

AU - Audit and Accountability
AU-01  Audit And Accountability Policy And Procedures
AU-02  Auditable Events
AU-03  Content Of Audit Records
AU-04  Audit Storage Capacity
AU-05  Response To Audit Processing Failures
AU-06  Audit Monitoring, Analysis, And Reporting
AU-07  Audit Reduction And Report Generation
AU-08  Time Stamps
AU-09  Protection Of Audit Information
AU-10  Non-Repudiation
AU-11  Audit Record Retention

CA - Certification, Accreditation, and Security Assessments
CA-01  Certification, Accreditation, And Security Assessment Policies And Procedures
CA-02  Security Assessments
CA-03  Information System Connections
CA-04  Security Certification
CA-05  Plan Of Action And Milestones
CA-06  Security Accreditation
CA-07  Continuous Monitoring

CM - Configuration Management
CM-01  Configuration Management Policy And Procedures
CM-02  Baseline Configuration
CM-03  Configuration Change Control
CM-04  Monitoring Configuration Changes
CM-05  Access Restrictions For Change
CM-06  Configuration Settings
CM-07  Least Functionality
CM-08  Information System Component Inventory

CP - Contingency Planning
CP-01  Contingency Planning Policy And Procedures
CP-02  Contingency Plan
CP-03  Contingency Training
CP-04  Contingency Plan Testing And Exercises
CP-05  Contingency Plan Update
CP-06  Alternate Storage Site
CP-07  Alternate Processing Site
CP-08  Telecommunications Services
CP-09  Information System Backup
CP-10  Information System Recovery And Reconstitution

IA - Identification and Authentication
IA-01  Identification And Authentication Policy And Procedures
IA-02  User Identification And Authentication
IA-03  Device Identification And Authentication
IA-04  Identifier Management
IA-05  Authenticator Management
IA-06  Authenticator Feedback
IA-07  Cryptographic Module Authentication

IR - Incident Response
IR-01  Incident Response Policy And Procedures
IR-02  Incident Response Training
IR-03  Incident Response Testing And Exercises
IR-04  Incident Handling
IR-05  Incident Monitoring
IR-06  Incident Reporting
IR-07  Incident Response Assistance

MA - Maintenance
MA-01  System Maintenance Policy And Procedures
MA-02  Controlled Maintenance
MA-03  Maintenance Tools
MA-04  Remote Maintenance
MA-05  Maintenance Personnel
MA-06  Timely Maintenance

MP - Media Protection
MP-01  Media Protection Policy And Procedures
MP-02  Media Access
MP-03  Media Labeling
MP-04  Media Storage
MP-05  Media Transport
MP-06  Media Sanitization And Disposal

PE - Physical and Environmental Protection
PE-01  Physical And Environmental Protection Policy And Procedures
PE-02  Physical Access Authorizations
PE-03  Physical Access Control
PE-04  Access Control For Transmission Medium
PE-05  Access Control For Display Medium
PE-06  Monitoring Physical Access
PE-07  Visitor Control
PE-08  Access Records
PE-09  Power Equipment And Power Cabling
PE-10  Emergency Shutoff
PE-11  Emergency Power
PE-12  Emergency Lighting
PE-13  Fire Protection
PE-14  Temperature And Humidity Controls
PE-15  Water Damage Protection
PE-16  Delivery And Removal
PE-17  Alternate Work Site
PE-18  Location Of Information System Components
PE-19  Information Leakage

PL - Planning
PL-01  Security Planning Policy And Procedures
PL-02  System Security Plan
PL-03  System Security Plan Update
PL-04  Rules Of Behavior
PL-05  Privacy Impact Assessment
PL-06  Security-Related Activity Planning

PS - Personnel Security
PS-01  Personnel Security Policy And Procedures
PS-02  Position Categorization
PS-03  Personnel Screening
PS-04  Personnel Termination
PS-05  Personnel Transfer
PS-06  Access Agreements
PS-07  Third-Party Personnel Security
PS-08  Personnel Sanctions

RA - Risk Assessment
RA-01  Risk Assessment Policy And Procedures
RA-02  Security Categorization
RA-03  Risk Assessment
RA-04  Risk Assessment Update
RA-05  Vulnerability Scanning

SA - System and Services Acquisition
SA-01  System And Services Acquisition Policy And Procedures
SA-02  Allocation Of Resources
SA-03  Life Cycle Support
SA-04  Acquisitions
SA-05  Information System Documentation
SA-06  Software Usage Restrictions
SA-07  User Installed Software
SA-08  Security Engineering Principles
SA-09  External Information System Services
SA-10  Developer Configuration Management
SA-11  Developer Security Testing

SC - System and Communications Protection
SC-01  System And Communications Protection Policy And Procedures
SC-02  Application Partitioning
SC-03  Security Function Isolation
SC-04  Information Remnance
SC-05  Denial Of Service Protection
SC-06  Resource Priority
SC-07  Boundary Protection
SC-08  Transmission Integrity
SC-09  Transmission Confidentiality
SC-10  Network Disconnect
SC-11  Trusted Path
SC-12  Cryptographic Key Establishment And Management
SC-13  Use Of Cryptography
SC-14  Public Access Protections
SC-15  Collaborative Computing
SC-16  Transmission Of Security Parameters
SC-17  Public Key Infrastructure Certificates
SC-18  Mobile Code
SC-19  Voice Over Internet Protocol
SC-20  Secure Name / Address Resolution Service (Authoritative Source)
SC-21  Secure Name / Address Resolution Service (Recursive Or Caching Resolver)
SC-22  Architecture And Provisioning For Name / Address Resolution Service
SC-23  Session Authenticity

SI - System and Information Integrity
SI-01  System And Information Integrity Policy And Procedures
SI-02  Flaw Remediation
SI-03  Malicious Code Protection
SI-04  Information System Monitoring Tools And Techniques
SI-05  Security Alerts And Advisories
SI-06  Security Functionality Verification
SI-07  Software And Information Integrity
SI-08  Spam Protection
SI-09  Information Input Restrictions
SI-10  Information Accuracy, Completeness, Validity, And Authenticity
SI-11  Error Handling
SI-12  Information Output Handling And Retention