Control Catalogue

11.02 Control Catalog

We're on control catalog release 11.02 at the moment, and things have stabilised for this release. The whole control catalog is now in place, but we have ideas to enhance and refine the control format during 2012 to align to the latest release of 800-53. Of course we'd welcome any comments or ideas you may have.

Controls are based on NIST 800-53, and there is a mapping to ISO17799 and COBIT 4.1, with ISO 27002 and PCI DSS available soon.

Using the filter gives you a quick way to hunt through the catalog e.g. 'PS-' gives you all the Personnel Security Family.

List of articles in category 11.02 Control Catalog
Title	Hits
13-05 All Controls	Hits: 29477
13-05 Control mapping (NIST 800-53 vs ISO 17799 / PCI-DSS v2 / COBIT 4.1	Hits: 72481
13-05 Controls catalog SQL export	Hits: 10297
AC-01 Access Control Policies and Procedures	Hits: 46698
AC-02 Account Management	Hits: 30375
AC-03 Access Enforcement	Hits: 33956
AC-04 Information Flow Enforcement	Hits: 35220
AC-05 Separation Of Duties	Hits: 19102
AC-06 Least Privilege	Hits: 19159
AC-07 Unsuccessful Login Attempts	Hits: 17950
AC-08 System Use Notification	Hits: 15675
AC-09 Previous Logon Notification	Hits: 13336
AC-10 Concurrent Session Control	Hits: 14825
AC-11 Session Lock	Hits: 17404
AC-12 Session Termination	Hits: 16107
AC-13 Supervision And Review -- Access Control	Hits: 11700
AC-14 Permitted Actions Without Identification Or Authentication	Hits: 10546
AC-15 Automated Marking	Hits: 8955
AC-16 Automated Labeling	Hits: 8443
AC-17 Remote Access	Hits: 17533
AC-18 Wireless Access Restrictions	Hits: 16257
AC-19 Access Control For Portable And Mobile Devices	Hits: 15969
AC-20 Use Of External Information Systems	Hits: 15816
AT-01 Security Awareness And Training Policy And Procedures	Hits: 17962
AT-02 Security Awareness	Hits: 16149
AT-03 Security Training	Hits: 15590
AT-04 Security Training Records	Hits: 10828
AT-05 Contacts With Security Groups And Associations	Hits: 8852
AU-01 Audit And Accountability Policy And Procedures	Hits: 19384
AU-02 Auditable Events	Hits: 25726
AU-03 Content Of Audit Records	Hits: 16018
AU-04 Audit Storage Capacity	Hits: 12747
AU-05 Response To Audit Processing Failures	Hits: 15778
AU-06 Audit Monitoring, Analysis, And Reporting	Hits: 32587
AU-07 Audit Reduction And Report Generation	Hits: 15730
AU-08 Time Stamps	Hits: 12411
AU-09 Protection Of Audit Information	Hits: 15845
AU-10 Non-Repudiation	Hits: 16828
AU-11 Audit Record Retention	Hits: 14297
CA-01 Certification, Accreditation, And Security Assessment Policies And Procedures	Hits: 15919
CA-02 Security Assessments	Hits: 19881
CA-03 Information System Connections	Hits: 11729
CA-04 Security Certification	Hits: 14480
CA-05 Plan Of Action And Milestones	Hits: 10488
CA-06 Security Accreditation	Hits: 12160
CA-07 Continuous Monitoring	Hits: 18176
CM-01 Configuration Management Policy And Procedures	Hits: 17149
CM-02 Baseline Configuration	Hits: 19956
CM-03 Configuration Change Control	Hits: 18040
CM-04 Monitoring Configuration Changes	Hits: 12116
CM-05 Access Restrictions For Change	Hits: 15318
CM-06 Configuration Settings	Hits: 14991
CM-07 Least Functionality	Hits: 22465
CM-08 Information System Component Inventory	Hits: 16244
CP-01 Contingency Planning Policy And Procedures	Hits: 12236
CP-02 Contingency Plan	Hits: 12433
CP-03 Contingency Training	Hits: 10355
CP-04 Contingency Plan Testing And Exercises	Hits: 17986
CP-05 Contingency Plan Update	Hits: 9437
CP-06 Alternate Storage Site	Hits: 10733
CP-07 Alternate Processing Site	Hits: 13181
CP-08 Telecommunications Services	Hits: 7857
CP-09 Information System Backup	Hits: 15743
CP-10 Information System Recovery And Reconstitution	Hits: 14878
IA-01 Identification And Authentication Policy And Procedures	Hits: 18701
IA-02 User Identification And Authentication	Hits: 25734
IA-03 Device Identification And Authentication	Hits: 21774
IA-04 Identifier Management	Hits: 15310
IA-05 Authenticator Management	Hits: 18283
IA-06 Authenticator Feedback	Hits: 12848
IA-07 Cryptographic Module Authentication	Hits: 18580
IR-01 Incident Response Policy And Procedures	Hits: 13751
IR-02 Incident Response Training	Hits: 11828
IR-03 Incident Response Testing And Exercises	Hits: 14171
IR-04 Incident Handling	Hits: 21891
IR-05 Incident Monitoring	Hits: 12127
IR-06 Incident Reporting	Hits: 11951
IR-07 Incident Response Assistance	Hits: 12279
MA-01 System Maintenance Policy And Procedures	Hits: 12341
MA-02 Controlled Maintenance	Hits: 13308
MA-03 Maintenance Tools	Hits: 11363
MA-04 Remote Maintenance	Hits: 13154
MA-05 Maintenance Personnel	Hits: 9309
MA-06 Timely Maintenance	Hits: 10420
MP-01 Media Protection Policy And Procedures	Hits: 11935
MP-02 Media Access	Hits: 11936
MP-03 Media Labeling	Hits: 8587
MP-04 Media Storage	Hits: 9028
MP-05 Media Transport	Hits: 9238
MP-06 Media Sanitization And Disposal	Hits: 10060
PE-01 Physical And Environmental Protection Policy And Procedures	Hits: 11510
PE-02 Physical Access Authorizations	Hits: 10072
PE-03 Physical Access Control	Hits: 13012
PE-04 Access Control For Transmission Medium	Hits: 9898
PE-05 Access Control For Display Medium	Hits: 8942
PE-06 Monitoring Physical Access	Hits: 11665
PE-07 Visitor Control	Hits: 7993
PE-08 Access Records	Hits: 6928
PE-09 Power Equipment And Power Cabling	Hits: 9466
PE-10 Emergency Shutoff	Hits: 8890
PE-11 Emergency Power	Hits: 8503
PE-12 Emergency Lighting	Hits: 8662
PE-13 Fire Protection	Hits: 9045
PE-14 Temperature And Humidity Controls	Hits: 8578
PE-15 Water Damage Protection	Hits: 8668
PE-16 Delivery And Removal	Hits: 8998
PE-17 Alternate Work Site	Hits: 7140
PE-18 Location Of Information System Components	Hits: 7142
PE-19 Information Leakage	Hits: 8801
PL-01 Security Planning Policy And Procedures	Hits: 15874
PL-02 System Security Plan	Hits: 10945
PL-03 System Security Plan Update	Hits: 6370
PL-04 Rules Of Behavior	Hits: 12272
PL-05 Privacy Impact Assessment	Hits: 8560
PL-06 Security-Related Activity Planning	Hits: 6664
PS-01 Personnel Security Policy And Procedures	Hits: 13050
PS-02 Position Categorization	Hits: 7491
PS-03 Personnel Screening	Hits: 8122
PS-04 Personnel Termination	Hits: 6826
PS-05 Personnel Transfer	Hits: 6385
PS-06 Access Agreements	Hits: 11719
PS-07 Third-Party Personnel Security	Hits: 11369
PS-08 Personnel Sanctions	Hits: 8237
RA-01 Risk Assessment Policy And Procedures	Hits: 11899
RA-02 Security Categorization	Hits: 14524
RA-03 Risk Assessment	Hits: 16547
RA-04 Risk Assessment Update	Hits: 11127
RA-05 Vulnerability Scanning	Hits: 19229
SA-01 System And Services Acquisition Policy And Procedures	Hits: 16562
SA-02 Allocation Of Resources	Hits: 12311
SA-03 Life Cycle Support	Hits: 14562
SA-04 Acquisitions	Hits: 13724
SA-05 Information System Documentation	Hits: 22781
SA-06 Software Usage Restrictions	Hits: 10974
SA-07 User Installed Software	Hits: 10659
SA-08 Security Engineering Principles	Hits: 18048
SA-09 External Information System Services	Hits: 13379
SA-10 Developer Configuration Management	Hits: 11950
SA-11 Developer Security Testing	Hits: 10464
SC-01 System And Communications Protection Policy And Procedures	Hits: 14383
SC-02 Application Partitioning	Hits: 13506
SC-03 Security Function Isolation	Hits: 16314
SC-04 Information Remnance	Hits: 17314
SC-05 Denial Of Service Protection	Hits: 16067
SC-06 Resource Priority	Hits: 11007
SC-07 Boundary Protection	Hits: 27722
SC-08 Transmission Integrity	Hits: 18922
SC-09 Transmission Confidentiality	Hits: 17434
SC-10 Network Disconnect	Hits: 11670
SC-11 Trusted Path	Hits: 14192
SC-12 Cryptographic Key Establishment And Management	Hits: 15300
SC-13 Use Of Cryptography	Hits: 16506
SC-14 Public Access Protections	Hits: 9727
SC-15 Collaborative Computing	Hits: 12480
SC-16 Transmission Of Security Parameters	Hits: 7427
SC-17 Public Key Infrastructure Certificates	Hits: 8427
SC-18 Mobile Code	Hits: 17262
SC-19 Voice Over Internet Protocol	Hits: 7070
SC-20 Secure Name / Address Resolution Service (Authoritative Source)	Hits: 16901
SC-21 Secure Name / Address Resolution Service (Recursive Or Caching Resolver)	Hits: 9777
SC-22 Architecture And Provisioning For Name / Address Resolution Service	Hits: 9360
SC-23 Session Authenticity	Hits: 17844
SI-01 System And Information Integrity Policy And Procedures	Hits: 13056
SI-02 Flaw Remediation	Hits: 24113
SI-03 Malicious Code Protection	Hits: 21848
SI-04 Information System Monitoring Tools And Techniques	Hits: 24262
SI-05 Security Alerts And Advisories	Hits: 12976
SI-06 Security Functionality Verification	Hits: 18177
SI-07 Software And Information Integrity	Hits: 17171
SI-08 Spam Protection	Hits: 8417
SI-09 Information Input Restrictions	Hits: 8564
SI-10 Information Accuracy, Completeness, Validity, And Authenticity	Hits: 17467
SI-11 Error Handling	Hits: 13049
SI-12 Information Output Handling And Retention	Hits: 10342