Control Catalogue

11.02 Control Catalog

We're on control catalog release 11.02 at the moment, and things have stabilised for this release. The whole control catalog is now in place, but we have ideas to enhance and refine the control format during 2012 to align to the latest release of 800-53. Of course we'd welcome any comments or ideas you may have.

Controls are based on NIST 800-53, and there is a mapping to ISO17799 and COBIT 4.1, with ISO 27002 and PCI DSS available soon.

Using the filter gives you a quick way to hunt through the catalog e.g. 'PS-' gives you all the Personnel Security Family.

List of articles in category 11.02 Control Catalog
Title	Hits
13-05 All Controls	Hits: 29020
13-05 Control mapping (NIST 800-53 vs ISO 17799 / PCI-DSS v2 / COBIT 4.1	Hits: 71409
13-05 Controls catalog SQL export	Hits: 10111
AC-01 Access Control Policies and Procedures	Hits: 45885
AC-02 Account Management	Hits: 29797
AC-03 Access Enforcement	Hits: 33117
AC-04 Information Flow Enforcement	Hits: 34199
AC-05 Separation Of Duties	Hits: 18830
AC-06 Least Privilege	Hits: 18686
AC-07 Unsuccessful Login Attempts	Hits: 17543
AC-08 System Use Notification	Hits: 15153
AC-09 Previous Logon Notification	Hits: 13038
AC-10 Concurrent Session Control	Hits: 14537
AC-11 Session Lock	Hits: 16970
AC-12 Session Termination	Hits: 15712
AC-13 Supervision And Review -- Access Control	Hits: 11548
AC-14 Permitted Actions Without Identification Or Authentication	Hits: 10275
AC-15 Automated Marking	Hits: 8776
AC-16 Automated Labeling	Hits: 8202
AC-17 Remote Access	Hits: 17109
AC-18 Wireless Access Restrictions	Hits: 15758
AC-19 Access Control For Portable And Mobile Devices	Hits: 15503
AC-20 Use Of External Information Systems	Hits: 15347
AT-01 Security Awareness And Training Policy And Procedures	Hits: 17502
AT-02 Security Awareness	Hits: 15827
AT-03 Security Training	Hits: 15202
AT-04 Security Training Records	Hits: 10526
AT-05 Contacts With Security Groups And Associations	Hits: 8636
AU-01 Audit And Accountability Policy And Procedures	Hits: 18886
AU-02 Auditable Events	Hits: 25048
AU-03 Content Of Audit Records	Hits: 15344
AU-04 Audit Storage Capacity	Hits: 12443
AU-05 Response To Audit Processing Failures	Hits: 15474
AU-06 Audit Monitoring, Analysis, And Reporting	Hits: 31847
AU-07 Audit Reduction And Report Generation	Hits: 15488
AU-08 Time Stamps	Hits: 12155
AU-09 Protection Of Audit Information	Hits: 15552
AU-10 Non-Repudiation	Hits: 16315
AU-11 Audit Record Retention	Hits: 13970
CA-01 Certification, Accreditation, And Security Assessment Policies And Procedures	Hits: 15547
CA-02 Security Assessments	Hits: 19363
CA-03 Information System Connections	Hits: 11409
CA-04 Security Certification	Hits: 14201
CA-05 Plan Of Action And Milestones	Hits: 10292
CA-06 Security Accreditation	Hits: 11940
CA-07 Continuous Monitoring	Hits: 17715
CM-01 Configuration Management Policy And Procedures	Hits: 16790
CM-02 Baseline Configuration	Hits: 19506
CM-03 Configuration Change Control	Hits: 17768
CM-04 Monitoring Configuration Changes	Hits: 11935
CM-05 Access Restrictions For Change	Hits: 14989
CM-06 Configuration Settings	Hits: 14546
CM-07 Least Functionality	Hits: 21902
CM-08 Information System Component Inventory	Hits: 15811
CP-01 Contingency Planning Policy And Procedures	Hits: 12030
CP-02 Contingency Plan	Hits: 12217
CP-03 Contingency Training	Hits: 10119
CP-04 Contingency Plan Testing And Exercises	Hits: 17651
CP-05 Contingency Plan Update	Hits: 9266
CP-06 Alternate Storage Site	Hits: 10552
CP-07 Alternate Processing Site	Hits: 12832
CP-08 Telecommunications Services	Hits: 7727
CP-09 Information System Backup	Hits: 15493
CP-10 Information System Recovery And Reconstitution	Hits: 14575
IA-01 Identification And Authentication Policy And Procedures	Hits: 18330
IA-02 User Identification And Authentication	Hits: 25126
IA-03 Device Identification And Authentication	Hits: 21322
IA-04 Identifier Management	Hits: 15099
IA-05 Authenticator Management	Hits: 17972
IA-06 Authenticator Feedback	Hits: 12495
IA-07 Cryptographic Module Authentication	Hits: 18238
IR-01 Incident Response Policy And Procedures	Hits: 13536
IR-02 Incident Response Training	Hits: 11597
IR-03 Incident Response Testing And Exercises	Hits: 13953
IR-04 Incident Handling	Hits: 21464
IR-05 Incident Monitoring	Hits: 11790
IR-06 Incident Reporting	Hits: 11712
IR-07 Incident Response Assistance	Hits: 12013
MA-01 System Maintenance Policy And Procedures	Hits: 12131
MA-02 Controlled Maintenance	Hits: 12918
MA-03 Maintenance Tools	Hits: 11175
MA-04 Remote Maintenance	Hits: 12870
MA-05 Maintenance Personnel	Hits: 9154
MA-06 Timely Maintenance	Hits: 10251
MP-01 Media Protection Policy And Procedures	Hits: 11770
MP-02 Media Access	Hits: 11730
MP-03 Media Labeling	Hits: 8416
MP-04 Media Storage	Hits: 8869
MP-05 Media Transport	Hits: 9050
MP-06 Media Sanitization And Disposal	Hits: 9952
PE-01 Physical And Environmental Protection Policy And Procedures	Hits: 11325
PE-02 Physical Access Authorizations	Hits: 9929
PE-03 Physical Access Control	Hits: 12832
PE-04 Access Control For Transmission Medium	Hits: 9644
PE-05 Access Control For Display Medium	Hits: 8834
PE-06 Monitoring Physical Access	Hits: 11455
PE-07 Visitor Control	Hits: 7811
PE-08 Access Records	Hits: 6776
PE-09 Power Equipment And Power Cabling	Hits: 9271
PE-10 Emergency Shutoff	Hits: 8777
PE-11 Emergency Power	Hits: 8396
PE-12 Emergency Lighting	Hits: 8520
PE-13 Fire Protection	Hits: 8878
PE-14 Temperature And Humidity Controls	Hits: 8416
PE-15 Water Damage Protection	Hits: 8547
PE-16 Delivery And Removal	Hits: 8836
PE-17 Alternate Work Site	Hits: 6974
PE-18 Location Of Information System Components	Hits: 6965
PE-19 Information Leakage	Hits: 8588
PL-01 Security Planning Policy And Procedures	Hits: 15596
PL-02 System Security Plan	Hits: 10744
PL-03 System Security Plan Update	Hits: 6258
PL-04 Rules Of Behavior	Hits: 12060
PL-05 Privacy Impact Assessment	Hits: 8386
PL-06 Security-Related Activity Planning	Hits: 6554
PS-01 Personnel Security Policy And Procedures	Hits: 12798
PS-02 Position Categorization	Hits: 7295
PS-03 Personnel Screening	Hits: 8008
PS-04 Personnel Termination	Hits: 6664
PS-05 Personnel Transfer	Hits: 6273
PS-06 Access Agreements	Hits: 11381
PS-07 Third-Party Personnel Security	Hits: 11063
PS-08 Personnel Sanctions	Hits: 8041
RA-01 Risk Assessment Policy And Procedures	Hits: 11763
RA-02 Security Categorization	Hits: 14254
RA-03 Risk Assessment	Hits: 16192
RA-04 Risk Assessment Update	Hits: 10876
RA-05 Vulnerability Scanning	Hits: 18908
SA-01 System And Services Acquisition Policy And Procedures	Hits: 16186
SA-02 Allocation Of Resources	Hits: 12137
SA-03 Life Cycle Support	Hits: 14277
SA-04 Acquisitions	Hits: 13356
SA-05 Information System Documentation	Hits: 22302
SA-06 Software Usage Restrictions	Hits: 10762
SA-07 User Installed Software	Hits: 10480
SA-08 Security Engineering Principles	Hits: 17768
SA-09 External Information System Services	Hits: 13116
SA-10 Developer Configuration Management	Hits: 11699
SA-11 Developer Security Testing	Hits: 10256
SC-01 System And Communications Protection Policy And Procedures	Hits: 14203
SC-02 Application Partitioning	Hits: 13250
SC-03 Security Function Isolation	Hits: 15961
SC-04 Information Remnance	Hits: 17057
SC-05 Denial Of Service Protection	Hits: 15834
SC-06 Resource Priority	Hits: 10814
SC-07 Boundary Protection	Hits: 26993
SC-08 Transmission Integrity	Hits: 18359
SC-09 Transmission Confidentiality	Hits: 17176
SC-10 Network Disconnect	Hits: 11380
SC-11 Trusted Path	Hits: 13879
SC-12 Cryptographic Key Establishment And Management	Hits: 15038
SC-13 Use Of Cryptography	Hits: 16215
SC-14 Public Access Protections	Hits: 9582
SC-15 Collaborative Computing	Hits: 12210
SC-16 Transmission Of Security Parameters	Hits: 7281
SC-17 Public Key Infrastructure Certificates	Hits: 8203
SC-18 Mobile Code	Hits: 16898
SC-19 Voice Over Internet Protocol	Hits: 6909
SC-20 Secure Name / Address Resolution Service (Authoritative Source)	Hits: 16404
SC-21 Secure Name / Address Resolution Service (Recursive Or Caching Resolver)	Hits: 9318
SC-22 Architecture And Provisioning For Name / Address Resolution Service	Hits: 9010
SC-23 Session Authenticity	Hits: 17475
SI-01 System And Information Integrity Policy And Procedures	Hits: 12853
SI-02 Flaw Remediation	Hits: 23510
SI-03 Malicious Code Protection	Hits: 21444
SI-04 Information System Monitoring Tools And Techniques	Hits: 23536
SI-05 Security Alerts And Advisories	Hits: 12611
SI-06 Security Functionality Verification	Hits: 17968
SI-07 Software And Information Integrity	Hits: 16921
SI-08 Spam Protection	Hits: 8178
SI-09 Information Input Restrictions	Hits: 8465
SI-10 Information Accuracy, Completeness, Validity, And Authenticity	Hits: 17180
SI-11 Error Handling	Hits: 12748
SI-12 Information Output Handling And Retention	Hits: 10060