Control Catalogue

11.02 Control Catalog

We're on control catalog release 11.02 at the moment, and things have stabilised for this release. The whole control catalog is now in place, but we have ideas to enhance and refine the control format during 2012 to align to the latest release of 800-53. Of course we'd welcome any comments or ideas you may have.

Controls are based on NIST 800-53, and there is a mapping to ISO17799 and COBIT 4.1, with ISO 27002 and PCI DSS available soon.

Using the filter gives you a quick way to hunt through the catalog e.g. 'PS-' gives you all the Personnel Security Family.

List of articles in category 11.02 Control Catalog
Title	Hits
13-05 All Controls	Hits: 32402
13-05 Control mapping (NIST 800-53 vs ISO 17799 / PCI-DSS v2 / COBIT 4.1	Hits: 77282
13-05 Controls catalog SQL export	Hits: 11738
AC-01 Access Control Policies and Procedures	Hits: 51175
AC-02 Account Management	Hits: 35588
AC-03 Access Enforcement	Hits: 38725
AC-04 Information Flow Enforcement	Hits: 41135
AC-05 Separation Of Duties	Hits: 21936
AC-06 Least Privilege	Hits: 21869
AC-07 Unsuccessful Login Attempts	Hits: 20306
AC-08 System Use Notification	Hits: 18794
AC-09 Previous Logon Notification	Hits: 14891
AC-10 Concurrent Session Control	Hits: 16571
AC-11 Session Lock	Hits: 19277
AC-12 Session Termination	Hits: 18502
AC-13 Supervision And Review -- Access Control	Hits: 13612
AC-14 Permitted Actions Without Identification Or Authentication	Hits: 11701
AC-15 Automated Marking	Hits: 10581
AC-16 Automated Labeling	Hits: 9761
AC-17 Remote Access	Hits: 20008
AC-18 Wireless Access Restrictions	Hits: 18443
AC-19 Access Control For Portable And Mobile Devices	Hits: 18242
AC-20 Use Of External Information Systems	Hits: 17654
AT-01 Security Awareness And Training Policy And Procedures	Hits: 20346
AT-02 Security Awareness	Hits: 18341
AT-03 Security Training	Hits: 17817
AT-04 Security Training Records	Hits: 12380
AT-05 Contacts With Security Groups And Associations	Hits: 10033
AU-01 Audit And Accountability Policy And Procedures	Hits: 21115
AU-02 Auditable Events	Hits: 29115
AU-03 Content Of Audit Records	Hits: 18205
AU-04 Audit Storage Capacity	Hits: 14511
AU-05 Response To Audit Processing Failures	Hits: 17876
AU-06 Audit Monitoring, Analysis, And Reporting	Hits: 38793
AU-07 Audit Reduction And Report Generation	Hits: 17378
AU-08 Time Stamps	Hits: 14415
AU-09 Protection Of Audit Information	Hits: 18787
AU-10 Non-Repudiation	Hits: 18519
AU-11 Audit Record Retention	Hits: 16211
CA-01 Certification, Accreditation, And Security Assessment Policies And Procedures	Hits: 18638
CA-02 Security Assessments	Hits: 22376
CA-03 Information System Connections	Hits: 13158
CA-04 Security Certification	Hits: 16766
CA-05 Plan Of Action And Milestones	Hits: 12502
CA-06 Security Accreditation	Hits: 14050
CA-07 Continuous Monitoring	Hits: 20773
CM-01 Configuration Management Policy And Procedures	Hits: 19270
CM-02 Baseline Configuration	Hits: 22387
CM-03 Configuration Change Control	Hits: 21235
CM-04 Monitoring Configuration Changes	Hits: 14499
CM-05 Access Restrictions For Change	Hits: 17438
CM-06 Configuration Settings	Hits: 20727
CM-07 Least Functionality	Hits: 24801
CM-08 Information System Component Inventory	Hits: 18653
CP-01 Contingency Planning Policy And Procedures	Hits: 13695
CP-02 Contingency Plan	Hits: 14357
CP-03 Contingency Training	Hits: 11753
CP-04 Contingency Plan Testing And Exercises	Hits: 19830
CP-05 Contingency Plan Update	Hits: 10737
CP-06 Alternate Storage Site	Hits: 12435
CP-07 Alternate Processing Site	Hits: 14717
CP-08 Telecommunications Services	Hits: 8975
CP-09 Information System Backup	Hits: 17873
CP-10 Information System Recovery And Reconstitution	Hits: 16782
IA-01 Identification And Authentication Policy And Procedures	Hits: 21124
IA-02 User Identification And Authentication	Hits: 29167
IA-03 Device Identification And Authentication	Hits: 25062
IA-04 Identifier Management	Hits: 18374
IA-05 Authenticator Management	Hits: 20204
IA-06 Authenticator Feedback	Hits: 14843
IA-07 Cryptographic Module Authentication	Hits: 20927
IR-01 Incident Response Policy And Procedures	Hits: 15419
IR-02 Incident Response Training	Hits: 13676
IR-03 Incident Response Testing And Exercises	Hits: 15788
IR-04 Incident Handling	Hits: 25619
IR-05 Incident Monitoring	Hits: 13828
IR-06 Incident Reporting	Hits: 13655
IR-07 Incident Response Assistance	Hits: 14221
MA-01 System Maintenance Policy And Procedures	Hits: 13633
MA-02 Controlled Maintenance	Hits: 15039
MA-03 Maintenance Tools	Hits: 12800
MA-04 Remote Maintenance	Hits: 15079
MA-05 Maintenance Personnel	Hits: 10635
MA-06 Timely Maintenance	Hits: 11669
MP-01 Media Protection Policy And Procedures	Hits: 13327
MP-02 Media Access	Hits: 13881
MP-03 Media Labeling	Hits: 9878
MP-04 Media Storage	Hits: 10397
MP-05 Media Transport	Hits: 10521
MP-06 Media Sanitization And Disposal	Hits: 11619
PE-01 Physical And Environmental Protection Policy And Procedures	Hits: 12843
PE-02 Physical Access Authorizations	Hits: 11425
PE-03 Physical Access Control	Hits: 15252
PE-04 Access Control For Transmission Medium	Hits: 11062
PE-05 Access Control For Display Medium	Hits: 10197
PE-06 Monitoring Physical Access	Hits: 13243
PE-07 Visitor Control	Hits: 9099
PE-08 Access Records	Hits: 7827
PE-09 Power Equipment And Power Cabling	Hits: 10653
PE-10 Emergency Shutoff	Hits: 10432
PE-11 Emergency Power	Hits: 9854
PE-12 Emergency Lighting	Hits: 9874
PE-13 Fire Protection	Hits: 10390
PE-14 Temperature And Humidity Controls	Hits: 9709
PE-15 Water Damage Protection	Hits: 10172
PE-16 Delivery And Removal	Hits: 10259
PE-17 Alternate Work Site	Hits: 7974
PE-18 Location Of Information System Components	Hits: 8028
PE-19 Information Leakage	Hits: 9963
PL-01 Security Planning Policy And Procedures	Hits: 17514
PL-02 System Security Plan	Hits: 12966
PL-03 System Security Plan Update	Hits: 7319
PL-04 Rules Of Behavior	Hits: 14337
PL-05 Privacy Impact Assessment	Hits: 9689
PL-06 Security-Related Activity Planning	Hits: 7573
PS-01 Personnel Security Policy And Procedures	Hits: 14511
PS-02 Position Categorization	Hits: 8357
PS-03 Personnel Screening	Hits: 9279
PS-04 Personnel Termination	Hits: 7782
PS-05 Personnel Transfer	Hits: 7297
PS-06 Access Agreements	Hits: 13497
PS-07 Third-Party Personnel Security	Hits: 12705
PS-08 Personnel Sanctions	Hits: 9173
RA-01 Risk Assessment Policy And Procedures	Hits: 13322
RA-02 Security Categorization	Hits: 16396
RA-03 Risk Assessment	Hits: 18779
RA-04 Risk Assessment Update	Hits: 12830
RA-05 Vulnerability Scanning	Hits: 22571
SA-01 System And Services Acquisition Policy And Procedures	Hits: 18093
SA-02 Allocation Of Resources	Hits: 14475
SA-03 Life Cycle Support	Hits: 16605
SA-04 Acquisitions	Hits: 15621
SA-05 Information System Documentation	Hits: 26619
SA-06 Software Usage Restrictions	Hits: 12589
SA-07 User Installed Software	Hits: 12259
SA-08 Security Engineering Principles	Hits: 19952
SA-09 External Information System Services	Hits: 14888
SA-10 Developer Configuration Management	Hits: 13751
SA-11 Developer Security Testing	Hits: 11791
SC-01 System And Communications Protection Policy And Procedures	Hits: 15883
SC-02 Application Partitioning	Hits: 15382
SC-03 Security Function Isolation	Hits: 18648
SC-04 Information Remnance	Hits: 19356
SC-05 Denial Of Service Protection	Hits: 18577
SC-06 Resource Priority	Hits: 12711
SC-07 Boundary Protection	Hits: 31417
SC-08 Transmission Integrity	Hits: 21304
SC-09 Transmission Confidentiality	Hits: 19974
SC-10 Network Disconnect	Hits: 13369
SC-11 Trusted Path	Hits: 16126
SC-12 Cryptographic Key Establishment And Management	Hits: 17563
SC-13 Use Of Cryptography	Hits: 19566
SC-14 Public Access Protections	Hits: 11011
SC-15 Collaborative Computing	Hits: 13805
SC-16 Transmission Of Security Parameters	Hits: 8401
SC-17 Public Key Infrastructure Certificates	Hits: 9546
SC-18 Mobile Code	Hits: 19933
SC-19 Voice Over Internet Protocol	Hits: 7966
SC-20 Secure Name / Address Resolution Service (Authoritative Source)	Hits: 19551
SC-21 Secure Name / Address Resolution Service (Recursive Or Caching Resolver)	Hits: 10896
SC-22 Architecture And Provisioning For Name / Address Resolution Service	Hits: 10699
SC-23 Session Authenticity	Hits: 20305
SI-01 System And Information Integrity Policy And Procedures	Hits: 14374
SI-02 Flaw Remediation	Hits: 28022
SI-03 Malicious Code Protection	Hits: 24240
SI-04 Information System Monitoring Tools And Techniques	Hits: 27086
SI-05 Security Alerts And Advisories	Hits: 15038
SI-06 Security Functionality Verification	Hits: 20772
SI-07 Software And Information Integrity	Hits: 19193
SI-08 Spam Protection	Hits: 9718
SI-09 Information Input Restrictions	Hits: 9853
SI-10 Information Accuracy, Completeness, Validity, And Authenticity	Hits: 19165
SI-11 Error Handling	Hits: 15020
SI-12 Information Output Handling And Retention	Hits: 11490