Control Catalogue

11.02 Control Catalog

We're on control catalog release 11.02 at the moment, and things have stabilised for this release. The whole control catalog is now in place, but we have ideas to enhance and refine the control format during 2012 to align to the latest release of 800-53. Of course we'd welcome any comments or ideas you may have.

Controls are based on NIST 800-53, and there is a mapping to ISO17799 and COBIT 4.1, with ISO 27002 and PCI DSS available soon.

Using the filter gives you a quick way to hunt through the catalog e.g. 'PS-' gives you all the Personnel Security Family.

List of articles in category 11.02 Control Catalog
Title	Hits
13-05 All Controls	Hits: 28136
13-05 Control mapping (NIST 800-53 vs ISO 17799 / PCI-DSS v2 / COBIT 4.1	Hits: 69993
13-05 Controls catalog SQL export	Hits: 9796
AC-01 Access Control Policies and Procedures	Hits: 44705
AC-02 Account Management	Hits: 28611
AC-03 Access Enforcement	Hits: 31996
AC-04 Information Flow Enforcement	Hits: 33098
AC-05 Separation Of Duties	Hits: 18153
AC-06 Least Privilege	Hits: 18064
AC-07 Unsuccessful Login Attempts	Hits: 17031
AC-08 System Use Notification	Hits: 14690
AC-09 Previous Logon Notification	Hits: 12755
AC-10 Concurrent Session Control	Hits: 14218
AC-11 Session Lock	Hits: 16531
AC-12 Session Termination	Hits: 15217
AC-13 Supervision And Review -- Access Control	Hits: 11130
AC-14 Permitted Actions Without Identification Or Authentication	Hits: 10009
AC-15 Automated Marking	Hits: 8476
AC-16 Automated Labeling	Hits: 7911
AC-17 Remote Access	Hits: 16591
AC-18 Wireless Access Restrictions	Hits: 15349
AC-19 Access Control For Portable And Mobile Devices	Hits: 15030
AC-20 Use Of External Information Systems	Hits: 14910
AT-01 Security Awareness And Training Policy And Procedures	Hits: 17135
AT-02 Security Awareness	Hits: 15360
AT-03 Security Training	Hits: 14814
AT-04 Security Training Records	Hits: 10213
AT-05 Contacts With Security Groups And Associations	Hits: 8421
AU-01 Audit And Accountability Policy And Procedures	Hits: 18508
AU-02 Auditable Events	Hits: 24157
AU-03 Content Of Audit Records	Hits: 14869
AU-04 Audit Storage Capacity	Hits: 12091
AU-05 Response To Audit Processing Failures	Hits: 15089
AU-06 Audit Monitoring, Analysis, And Reporting	Hits: 30716
AU-07 Audit Reduction And Report Generation	Hits: 15143
AU-08 Time Stamps	Hits: 11790
AU-09 Protection Of Audit Information	Hits: 15011
AU-10 Non-Repudiation	Hits: 15950
AU-11 Audit Record Retention	Hits: 13619
CA-01 Certification, Accreditation, And Security Assessment Policies And Procedures	Hits: 15126
CA-02 Security Assessments	Hits: 18829
CA-03 Information System Connections	Hits: 11106
CA-04 Security Certification	Hits: 13821
CA-05 Plan Of Action And Milestones	Hits: 10005
CA-06 Security Accreditation	Hits: 11623
CA-07 Continuous Monitoring	Hits: 17197
CM-01 Configuration Management Policy And Procedures	Hits: 16405
CM-02 Baseline Configuration	Hits: 18865
CM-03 Configuration Change Control	Hits: 17005
CM-04 Monitoring Configuration Changes	Hits: 11537
CM-05 Access Restrictions For Change	Hits: 14615
CM-06 Configuration Settings	Hits: 14073
CM-07 Least Functionality	Hits: 21362
CM-08 Information System Component Inventory	Hits: 15214
CP-01 Contingency Planning Policy And Procedures	Hits: 11778
CP-02 Contingency Plan	Hits: 11893
CP-03 Contingency Training	Hits: 9890
CP-04 Contingency Plan Testing And Exercises	Hits: 17266
CP-05 Contingency Plan Update	Hits: 9032
CP-06 Alternate Storage Site	Hits: 10292
CP-07 Alternate Processing Site	Hits: 12572
CP-08 Telecommunications Services	Hits: 7529
CP-09 Information System Backup	Hits: 15107
CP-10 Information System Recovery And Reconstitution	Hits: 14219
IA-01 Identification And Authentication Policy And Procedures	Hits: 17874
IA-02 User Identification And Authentication	Hits: 24305
IA-03 Device Identification And Authentication	Hits: 20709
IA-04 Identifier Management	Hits: 14475
IA-05 Authenticator Management	Hits: 17508
IA-06 Authenticator Feedback	Hits: 12071
IA-07 Cryptographic Module Authentication	Hits: 17788
IR-01 Incident Response Policy And Procedures	Hits: 13192
IR-02 Incident Response Training	Hits: 11293
IR-03 Incident Response Testing And Exercises	Hits: 13668
IR-04 Incident Handling	Hits: 20786
IR-05 Incident Monitoring	Hits: 11444
IR-06 Incident Reporting	Hits: 11383
IR-07 Incident Response Assistance	Hits: 11685
MA-01 System Maintenance Policy And Procedures	Hits: 11892
MA-02 Controlled Maintenance	Hits: 12532
MA-03 Maintenance Tools	Hits: 10902
MA-04 Remote Maintenance	Hits: 12465
MA-05 Maintenance Personnel	Hits: 8921
MA-06 Timely Maintenance	Hits: 10003
MP-01 Media Protection Policy And Procedures	Hits: 11507
MP-02 Media Access	Hits: 11347
MP-03 Media Labeling	Hits: 8190
MP-04 Media Storage	Hits: 8631
MP-05 Media Transport	Hits: 8807
MP-06 Media Sanitization And Disposal	Hits: 9679
PE-01 Physical And Environmental Protection Policy And Procedures	Hits: 11082
PE-02 Physical Access Authorizations	Hits: 9662
PE-03 Physical Access Control	Hits: 12430
PE-04 Access Control For Transmission Medium	Hits: 9409
PE-05 Access Control For Display Medium	Hits: 8609
PE-06 Monitoring Physical Access	Hits: 11174
PE-07 Visitor Control	Hits: 7616
PE-08 Access Records	Hits: 6621
PE-09 Power Equipment And Power Cabling	Hits: 9066
PE-10 Emergency Shutoff	Hits: 8532
PE-11 Emergency Power	Hits: 8174
PE-12 Emergency Lighting	Hits: 8312
PE-13 Fire Protection	Hits: 8680
PE-14 Temperature And Humidity Controls	Hits: 8218
PE-15 Water Damage Protection	Hits: 8310
PE-16 Delivery And Removal	Hits: 8634
PE-17 Alternate Work Site	Hits: 6810
PE-18 Location Of Information System Components	Hits: 6827
PE-19 Information Leakage	Hits: 8349
PL-01 Security Planning Policy And Procedures	Hits: 15242
PL-02 System Security Plan	Hits: 10378
PL-03 System Security Plan Update	Hits: 6115
PL-04 Rules Of Behavior	Hits: 11642
PL-05 Privacy Impact Assessment	Hits: 8171
PL-06 Security-Related Activity Planning	Hits: 6406
PS-01 Personnel Security Policy And Procedures	Hits: 12518
PS-02 Position Categorization	Hits: 7122
PS-03 Personnel Screening	Hits: 7774
PS-04 Personnel Termination	Hits: 6501
PS-05 Personnel Transfer	Hits: 6123
PS-06 Access Agreements	Hits: 11034
PS-07 Third-Party Personnel Security	Hits: 10785
PS-08 Personnel Sanctions	Hits: 7866
RA-01 Risk Assessment Policy And Procedures	Hits: 11471
RA-02 Security Categorization	Hits: 13879
RA-03 Risk Assessment	Hits: 15759
RA-04 Risk Assessment Update	Hits: 10587
RA-05 Vulnerability Scanning	Hits: 18174
SA-01 System And Services Acquisition Policy And Procedures	Hits: 15820
SA-02 Allocation Of Resources	Hits: 11778
SA-03 Life Cycle Support	Hits: 13856
SA-04 Acquisitions	Hits: 12983
SA-05 Information System Documentation	Hits: 21625
SA-06 Software Usage Restrictions	Hits: 10488
SA-07 User Installed Software	Hits: 10207
SA-08 Security Engineering Principles	Hits: 17424
SA-09 External Information System Services	Hits: 12781
SA-10 Developer Configuration Management	Hits: 11395
SA-11 Developer Security Testing	Hits: 10010
SC-01 System And Communications Protection Policy And Procedures	Hits: 13879
SC-02 Application Partitioning	Hits: 12906
SC-03 Security Function Isolation	Hits: 15527
SC-04 Information Remnance	Hits: 16652
SC-05 Denial Of Service Protection	Hits: 15349
SC-06 Resource Priority	Hits: 10508
SC-07 Boundary Protection	Hits: 26213
SC-08 Transmission Integrity	Hits: 17849
SC-09 Transmission Confidentiality	Hits: 16678
SC-10 Network Disconnect	Hits: 11056
SC-11 Trusted Path	Hits: 13508
SC-12 Cryptographic Key Establishment And Management	Hits: 14655
SC-13 Use Of Cryptography	Hits: 15586
SC-14 Public Access Protections	Hits: 9346
SC-15 Collaborative Computing	Hits: 11968
SC-16 Transmission Of Security Parameters	Hits: 7114
SC-17 Public Key Infrastructure Certificates	Hits: 7992
SC-18 Mobile Code	Hits: 16312
SC-19 Voice Over Internet Protocol	Hits: 6760
SC-20 Secure Name / Address Resolution Service (Authoritative Source)	Hits: 15838
SC-21 Secure Name / Address Resolution Service (Recursive Or Caching Resolver)	Hits: 9062
SC-22 Architecture And Provisioning For Name / Address Resolution Service	Hits: 8682
SC-23 Session Authenticity	Hits: 16969
SI-01 System And Information Integrity Policy And Procedures	Hits: 12546
SI-02 Flaw Remediation	Hits: 22493
SI-03 Malicious Code Protection	Hits: 20885
SI-04 Information System Monitoring Tools And Techniques	Hits: 22920
SI-05 Security Alerts And Advisories	Hits: 12298
SI-06 Security Functionality Verification	Hits: 17461
SI-07 Software And Information Integrity	Hits: 16527
SI-08 Spam Protection	Hits: 7936
SI-09 Information Input Restrictions	Hits: 8171
SI-10 Information Accuracy, Completeness, Validity, And Authenticity	Hits: 16857
SI-11 Error Handling	Hits: 12310
SI-12 Information Output Handling And Retention	Hits: 9783