Control Catalogue

11.02 Control Catalog

We're on control catalog release 11.02 at the moment, and things have stabilised for this release. The whole control catalog is now in place, but we have ideas to enhance and refine the control format during 2012 to align to the latest release of 800-53. Of course we'd welcome any comments or ideas you may have.

Controls are based on NIST 800-53, and there is a mapping to ISO17799 and COBIT 4.1, with ISO 27002 and PCI DSS available soon.

Using the filter gives you a quick way to hunt through the catalog e.g. 'PS-' gives you all the Personnel Security Family.

List of articles in category 11.02 Control Catalog
Title	Hits
13-05 All Controls	Hits: 28276
13-05 Control mapping (NIST 800-53 vs ISO 17799 / PCI-DSS v2 / COBIT 4.1	Hits: 70273
13-05 Controls catalog SQL export	Hits: 9841
AC-01 Access Control Policies and Procedures	Hits: 44921
AC-02 Account Management	Hits: 28802
AC-03 Access Enforcement	Hits: 32185
AC-04 Information Flow Enforcement	Hits: 33290
AC-05 Separation Of Duties	Hits: 18284
AC-06 Least Privilege	Hits: 18204
AC-07 Unsuccessful Login Attempts	Hits: 17114
AC-08 System Use Notification	Hits: 14765
AC-09 Previous Logon Notification	Hits: 12789
AC-10 Concurrent Session Control	Hits: 14262
AC-11 Session Lock	Hits: 16585
AC-12 Session Termination	Hits: 15295
AC-13 Supervision And Review -- Access Control	Hits: 11190
AC-14 Permitted Actions Without Identification Or Authentication	Hits: 10037
AC-15 Automated Marking	Hits: 8534
AC-16 Automated Labeling	Hits: 7958
AC-17 Remote Access	Hits: 16661
AC-18 Wireless Access Restrictions	Hits: 15423
AC-19 Access Control For Portable And Mobile Devices	Hits: 15098
AC-20 Use Of External Information Systems	Hits: 14965
AT-01 Security Awareness And Training Policy And Procedures	Hits: 17193
AT-02 Security Awareness	Hits: 15438
AT-03 Security Training	Hits: 14869
AT-04 Security Training Records	Hits: 10257
AT-05 Contacts With Security Groups And Associations	Hits: 8461
AU-01 Audit And Accountability Policy And Procedures	Hits: 18558
AU-02 Auditable Events	Hits: 24308
AU-03 Content Of Audit Records	Hits: 14943
AU-04 Audit Storage Capacity	Hits: 12145
AU-05 Response To Audit Processing Failures	Hits: 15155
AU-06 Audit Monitoring, Analysis, And Reporting	Hits: 30953
AU-07 Audit Reduction And Report Generation	Hits: 15205
AU-08 Time Stamps	Hits: 11859
AU-09 Protection Of Audit Information	Hits: 15098
AU-10 Non-Repudiation	Hits: 15994
AU-11 Audit Record Retention	Hits: 13662
CA-01 Certification, Accreditation, And Security Assessment Policies And Procedures	Hits: 15182
CA-02 Security Assessments	Hits: 18914
CA-03 Information System Connections	Hits: 11149
CA-04 Security Certification	Hits: 13870
CA-05 Plan Of Action And Milestones	Hits: 10043
CA-06 Security Accreditation	Hits: 11668
CA-07 Continuous Monitoring	Hits: 17307
CM-01 Configuration Management Policy And Procedures	Hits: 16449
CM-02 Baseline Configuration	Hits: 18962
CM-03 Configuration Change Control	Hits: 17118
CM-04 Monitoring Configuration Changes	Hits: 11586
CM-05 Access Restrictions For Change	Hits: 14662
CM-06 Configuration Settings	Hits: 14136
CM-07 Least Functionality	Hits: 21443
CM-08 Information System Component Inventory	Hits: 15308
CP-01 Contingency Planning Policy And Procedures	Hits: 11813
CP-02 Contingency Plan	Hits: 11943
CP-03 Contingency Training	Hits: 9909
CP-04 Contingency Plan Testing And Exercises	Hits: 17309
CP-05 Contingency Plan Update	Hits: 9056
CP-06 Alternate Storage Site	Hits: 10327
CP-07 Alternate Processing Site	Hits: 12603
CP-08 Telecommunications Services	Hits: 7547
CP-09 Information System Backup	Hits: 15154
CP-10 Information System Recovery And Reconstitution	Hits: 14266
IA-01 Identification And Authentication Policy And Procedures	Hits: 17927
IA-02 User Identification And Authentication	Hits: 24440
IA-03 Device Identification And Authentication	Hits: 20813
IA-04 Identifier Management	Hits: 14575
IA-05 Authenticator Management	Hits: 17570
IA-06 Authenticator Feedback	Hits: 12135
IA-07 Cryptographic Module Authentication	Hits: 17842
IR-01 Incident Response Policy And Procedures	Hits: 13248
IR-02 Incident Response Training	Hits: 11353
IR-03 Incident Response Testing And Exercises	Hits: 13716
IR-04 Incident Handling	Hits: 20912
IR-05 Incident Monitoring	Hits: 11502
IR-06 Incident Reporting	Hits: 11439
IR-07 Incident Response Assistance	Hits: 11739
MA-01 System Maintenance Policy And Procedures	Hits: 11922
MA-02 Controlled Maintenance	Hits: 12585
MA-03 Maintenance Tools	Hits: 10935
MA-04 Remote Maintenance	Hits: 12547
MA-05 Maintenance Personnel	Hits: 8960
MA-06 Timely Maintenance	Hits: 10032
MP-01 Media Protection Policy And Procedures	Hits: 11538
MP-02 Media Access	Hits: 11411
MP-03 Media Labeling	Hits: 8228
MP-04 Media Storage	Hits: 8672
MP-05 Media Transport	Hits: 8851
MP-06 Media Sanitization And Disposal	Hits: 9727
PE-01 Physical And Environmental Protection Policy And Procedures	Hits: 11117
PE-02 Physical Access Authorizations	Hits: 9705
PE-03 Physical Access Control	Hits: 12502
PE-04 Access Control For Transmission Medium	Hits: 9453
PE-05 Access Control For Display Medium	Hits: 8643
PE-06 Monitoring Physical Access	Hits: 11226
PE-07 Visitor Control	Hits: 7637
PE-08 Access Records	Hits: 6634
PE-09 Power Equipment And Power Cabling	Hits: 9092
PE-10 Emergency Shutoff	Hits: 8565
PE-11 Emergency Power	Hits: 8204
PE-12 Emergency Lighting	Hits: 8342
PE-13 Fire Protection	Hits: 8704
PE-14 Temperature And Humidity Controls	Hits: 8245
PE-15 Water Damage Protection	Hits: 8339
PE-16 Delivery And Removal	Hits: 8657
PE-17 Alternate Work Site	Hits: 6829
PE-18 Location Of Information System Components	Hits: 6833
PE-19 Information Leakage	Hits: 8394
PL-01 Security Planning Policy And Procedures	Hits: 15295
PL-02 System Security Plan	Hits: 10422
PL-03 System Security Plan Update	Hits: 6135
PL-04 Rules Of Behavior	Hits: 11692
PL-05 Privacy Impact Assessment	Hits: 8209
PL-06 Security-Related Activity Planning	Hits: 6423
PS-01 Personnel Security Policy And Procedures	Hits: 12556
PS-02 Position Categorization	Hits: 7143
PS-03 Personnel Screening	Hits: 7806
PS-04 Personnel Termination	Hits: 6518
PS-05 Personnel Transfer	Hits: 6143
PS-06 Access Agreements	Hits: 11081
PS-07 Third-Party Personnel Security	Hits: 10837
PS-08 Personnel Sanctions	Hits: 7892
RA-01 Risk Assessment Policy And Procedures	Hits: 11508
RA-02 Security Categorization	Hits: 13935
RA-03 Risk Assessment	Hits: 15836
RA-04 Risk Assessment Update	Hits: 10638
RA-05 Vulnerability Scanning	Hits: 18284
SA-01 System And Services Acquisition Policy And Procedures	Hits: 15873
SA-02 Allocation Of Resources	Hits: 11839
SA-03 Life Cycle Support	Hits: 13938
SA-04 Acquisitions	Hits: 13033
SA-05 Information System Documentation	Hits: 21733
SA-06 Software Usage Restrictions	Hits: 10523
SA-07 User Installed Software	Hits: 10245
SA-08 Security Engineering Principles	Hits: 17460
SA-09 External Information System Services	Hits: 12819
SA-10 Developer Configuration Management	Hits: 11443
SA-11 Developer Security Testing	Hits: 10056
SC-01 System And Communications Protection Policy And Procedures	Hits: 13922
SC-02 Application Partitioning	Hits: 12964
SC-03 Security Function Isolation	Hits: 15597
SC-04 Information Remnance	Hits: 16705
SC-05 Denial Of Service Protection	Hits: 15432
SC-06 Resource Priority	Hits: 10558
SC-07 Boundary Protection	Hits: 26370
SC-08 Transmission Integrity	Hits: 17930
SC-09 Transmission Confidentiality	Hits: 16767
SC-10 Network Disconnect	Hits: 11105
SC-11 Trusted Path	Hits: 13564
SC-12 Cryptographic Key Establishment And Management	Hits: 14706
SC-13 Use Of Cryptography	Hits: 15690
SC-14 Public Access Protections	Hits: 9378
SC-15 Collaborative Computing	Hits: 11998
SC-16 Transmission Of Security Parameters	Hits: 7133
SC-17 Public Key Infrastructure Certificates	Hits: 8015
SC-18 Mobile Code	Hits: 16398
SC-19 Voice Over Internet Protocol	Hits: 6778
SC-20 Secure Name / Address Resolution Service (Authoritative Source)	Hits: 15933
SC-21 Secure Name / Address Resolution Service (Recursive Or Caching Resolver)	Hits: 9100
SC-22 Architecture And Provisioning For Name / Address Resolution Service	Hits: 8719
SC-23 Session Authenticity	Hits: 17046
SI-01 System And Information Integrity Policy And Procedures	Hits: 12597
SI-02 Flaw Remediation	Hits: 22660
SI-03 Malicious Code Protection	Hits: 20973
SI-04 Information System Monitoring Tools And Techniques	Hits: 23034
SI-05 Security Alerts And Advisories	Hits: 12341
SI-06 Security Functionality Verification	Hits: 17527
SI-07 Software And Information Integrity	Hits: 16580
SI-08 Spam Protection	Hits: 7987
SI-09 Information Input Restrictions	Hits: 8203
SI-10 Information Accuracy, Completeness, Validity, And Authenticity	Hits: 16908
SI-11 Error Handling	Hits: 12358
SI-12 Information Output Handling And Retention	Hits: 9822