Control Catalogue

11.02 Control Catalog

We're on control catalog release 11.02 at the moment, and things have stabilised for this release. The whole control catalog is now in place, but we have ideas to enhance and refine the control format during 2012 to align to the latest release of 800-53. Of course we'd welcome any comments or ideas you may have.

Controls are based on NIST 800-53, and there is a mapping to ISO17799 and COBIT 4.1, with ISO 27002 and PCI DSS available soon.

Using the filter gives you a quick way to hunt through the catalog e.g. 'PS-' gives you all the Personnel Security Family.

List of articles in category 11.02 Control Catalog
Title	Hits
13-05 All Controls	Hits: 28749
13-05 Control mapping (NIST 800-53 vs ISO 17799 / PCI-DSS v2 / COBIT 4.1	Hits: 71136
13-05 Controls catalog SQL export	Hits: 10086
AC-01 Access Control Policies and Procedures	Hits: 45732
AC-02 Account Management	Hits: 29584
AC-03 Access Enforcement	Hits: 33024
AC-04 Information Flow Enforcement	Hits: 34304
AC-05 Separation Of Duties	Hits: 18678
AC-06 Least Privilege	Hits: 18673
AC-07 Unsuccessful Login Attempts	Hits: 17531
AC-08 System Use Notification	Hits: 15248
AC-09 Previous Logon Notification	Hits: 13061
AC-10 Concurrent Session Control	Hits: 14557
AC-11 Session Lock	Hits: 16957
AC-12 Session Termination	Hits: 15709
AC-13 Supervision And Review -- Access Control	Hits: 11437
AC-14 Permitted Actions Without Identification Or Authentication	Hits: 10324
AC-15 Automated Marking	Hits: 8740
AC-16 Automated Labeling	Hits: 8211
AC-17 Remote Access	Hits: 17098
AC-18 Wireless Access Restrictions	Hits: 15807
AC-19 Access Control For Portable And Mobile Devices	Hits: 15507
AC-20 Use Of External Information Systems	Hits: 15386
AT-01 Security Awareness And Training Policy And Procedures	Hits: 17603
AT-02 Security Awareness	Hits: 15788
AT-03 Security Training	Hits: 15250
AT-04 Security Training Records	Hits: 10541
AT-05 Contacts With Security Groups And Associations	Hits: 8655
AU-01 Audit And Accountability Policy And Procedures	Hits: 18988
AU-02 Auditable Events	Hits: 25011
AU-03 Content Of Audit Records	Hits: 15529
AU-04 Audit Storage Capacity	Hits: 12471
AU-05 Response To Audit Processing Failures	Hits: 15479
AU-06 Audit Monitoring, Analysis, And Reporting	Hits: 31762
AU-07 Audit Reduction And Report Generation	Hits: 15484
AU-08 Time Stamps	Hits: 12159
AU-09 Protection Of Audit Information	Hits: 15521
AU-10 Non-Repudiation	Hits: 16435
AU-11 Audit Record Retention	Hits: 14008
CA-01 Certification, Accreditation, And Security Assessment Policies And Procedures	Hits: 15540
CA-02 Security Assessments	Hits: 19378
CA-03 Information System Connections	Hits: 11464
CA-04 Security Certification	Hits: 14176
CA-05 Plan Of Action And Milestones	Hits: 10254
CA-06 Security Accreditation	Hits: 11927
CA-07 Continuous Monitoring	Hits: 17724
CM-01 Configuration Management Policy And Procedures	Hits: 16824
CM-02 Baseline Configuration	Hits: 19422
CM-03 Configuration Change Control	Hits: 17532
CM-04 Monitoring Configuration Changes	Hits: 11882
CM-05 Access Restrictions For Change	Hits: 15036
CM-06 Configuration Settings	Hits: 14583
CM-07 Least Functionality	Hits: 21964
CM-08 Information System Component Inventory	Hits: 15760
CP-01 Contingency Planning Policy And Procedures	Hits: 12049
CP-02 Contingency Plan	Hits: 12188
CP-03 Contingency Training	Hits: 10144
CP-04 Contingency Plan Testing And Exercises	Hits: 17692
CP-05 Contingency Plan Update	Hits: 9267
CP-06 Alternate Storage Site	Hits: 10516
CP-07 Alternate Processing Site	Hits: 12874
CP-08 Telecommunications Services	Hits: 7707
CP-09 Information System Backup	Hits: 15470
CP-10 Information System Recovery And Reconstitution	Hits: 14565
IA-01 Identification And Authentication Policy And Procedures	Hits: 18354
IA-02 User Identification And Authentication	Hits: 25105
IA-03 Device Identification And Authentication	Hits: 21297
IA-04 Identifier Management	Hits: 14927
IA-05 Authenticator Management	Hits: 17907
IA-06 Authenticator Feedback	Hits: 12485
IA-07 Cryptographic Module Authentication	Hits: 18247
IR-01 Incident Response Policy And Procedures	Hits: 13475
IR-02 Incident Response Training	Hits: 11594
IR-03 Incident Response Testing And Exercises	Hits: 13976
IR-04 Incident Handling	Hits: 21412
IR-05 Incident Monitoring	Hits: 11816
IR-06 Incident Reporting	Hits: 11696
IR-07 Incident Response Assistance	Hits: 12019
MA-01 System Maintenance Policy And Procedures	Hits: 12139
MA-02 Controlled Maintenance	Hits: 12901
MA-03 Maintenance Tools	Hits: 11169
MA-04 Remote Maintenance	Hits: 12814
MA-05 Maintenance Personnel	Hits: 9126
MA-06 Timely Maintenance	Hits: 10241
MP-01 Media Protection Policy And Procedures	Hits: 11719
MP-02 Media Access	Hits: 11690
MP-03 Media Labeling	Hits: 8411
MP-04 Media Storage	Hits: 8863
MP-05 Media Transport	Hits: 9037
MP-06 Media Sanitization And Disposal	Hits: 9895
PE-01 Physical And Environmental Protection Policy And Procedures	Hits: 11296
PE-02 Physical Access Authorizations	Hits: 9884
PE-03 Physical Access Control	Hits: 12741
PE-04 Access Control For Transmission Medium	Hits: 9715
PE-05 Access Control For Display Medium	Hits: 8799
PE-06 Monitoring Physical Access	Hits: 11453
PE-07 Visitor Control	Hits: 7831
PE-08 Access Records	Hits: 6775
PE-09 Power Equipment And Power Cabling	Hits: 9306
PE-10 Emergency Shutoff	Hits: 8734
PE-11 Emergency Power	Hits: 8356
PE-12 Emergency Lighting	Hits: 8501
PE-13 Fire Protection	Hits: 8887
PE-14 Temperature And Humidity Controls	Hits: 8418
PE-15 Water Damage Protection	Hits: 8507
PE-16 Delivery And Removal	Hits: 8839
PE-17 Alternate Work Site	Hits: 7002
PE-18 Location Of Information System Components	Hits: 7016
PE-19 Information Leakage	Hits: 8594
PL-01 Security Planning Policy And Procedures	Hits: 15573
PL-02 System Security Plan	Hits: 10648
PL-03 System Security Plan Update	Hits: 6249
PL-04 Rules Of Behavior	Hits: 11963
PL-05 Privacy Impact Assessment	Hits: 8398
PL-06 Security-Related Activity Planning	Hits: 6560
PS-01 Personnel Security Policy And Procedures	Hits: 12818
PS-02 Position Categorization	Hits: 7322
PS-03 Personnel Screening	Hits: 7970
PS-04 Personnel Termination	Hits: 6659
PS-05 Personnel Transfer	Hits: 6269
PS-06 Access Agreements	Hits: 11380
PS-07 Third-Party Personnel Security	Hits: 11074
PS-08 Personnel Sanctions	Hits: 8076
RA-01 Risk Assessment Policy And Procedures	Hits: 11722
RA-02 Security Categorization	Hits: 14238
RA-03 Risk Assessment	Hits: 16173
RA-04 Risk Assessment Update	Hits: 10916
RA-05 Vulnerability Scanning	Hits: 18667
SA-01 System And Services Acquisition Policy And Procedures	Hits: 16204
SA-02 Allocation Of Resources	Hits: 12077
SA-03 Life Cycle Support	Hits: 14217
SA-04 Acquisitions	Hits: 13355
SA-05 Information System Documentation	Hits: 22270
SA-06 Software Usage Restrictions	Hits: 10772
SA-07 User Installed Software	Hits: 10461
SA-08 Security Engineering Principles	Hits: 17767
SA-09 External Information System Services	Hits: 13096
SA-10 Developer Configuration Management	Hits: 11708
SA-11 Developer Security Testing	Hits: 10260
SC-01 System And Communications Protection Policy And Procedures	Hits: 14169
SC-02 Application Partitioning	Hits: 13219
SC-03 Security Function Isolation	Hits: 15963
SC-04 Information Remnance	Hits: 17014
SC-05 Denial Of Service Protection	Hits: 15740
SC-06 Resource Priority	Hits: 10800
SC-07 Boundary Protection	Hits: 26948
SC-08 Transmission Integrity	Hits: 18389
SC-09 Transmission Confidentiality	Hits: 17078
SC-10 Network Disconnect	Hits: 11423
SC-11 Trusted Path	Hits: 13913
SC-12 Cryptographic Key Establishment And Management	Hits: 15019
SC-13 Use Of Cryptography	Hits: 16067
SC-14 Public Access Protections	Hits: 9559
SC-15 Collaborative Computing	Hits: 12266
SC-16 Transmission Of Security Parameters	Hits: 7293
SC-17 Public Key Infrastructure Certificates	Hits: 8226
SC-18 Mobile Code	Hits: 16811
SC-19 Voice Over Internet Protocol	Hits: 6910
SC-20 Secure Name / Address Resolution Service (Authoritative Source)	Hits: 16405
SC-21 Secure Name / Address Resolution Service (Recursive Or Caching Resolver)	Hits: 9497
SC-22 Architecture And Provisioning For Name / Address Resolution Service	Hits: 9062
SC-23 Session Authenticity	Hits: 17438
SI-01 System And Information Integrity Policy And Procedures	Hits: 12856
SI-02 Flaw Remediation	Hits: 23294
SI-03 Malicious Code Protection	Hits: 21434
SI-04 Information System Monitoring Tools And Techniques	Hits: 23678
SI-05 Security Alerts And Advisories	Hits: 12716
SI-06 Security Functionality Verification	Hits: 17862
SI-07 Software And Information Integrity	Hits: 16894
SI-08 Spam Protection	Hits: 8200
SI-09 Information Input Restrictions	Hits: 8388
SI-10 Information Accuracy, Completeness, Validity, And Authenticity	Hits: 17236
SI-11 Error Handling	Hits: 12753
SI-12 Information Output Handling And Retention	Hits: 10117