Control Catalogue

11.02 Control Catalog

We're on control catalog release 11.02 at the moment, and things have stabilised for this release. The whole control catalog is now in place, but we have ideas to enhance and refine the control format during 2012 to align to the latest release of 800-53. Of course we'd welcome any comments or ideas you may have.

Controls are based on NIST 800-53, and there is a mapping to ISO17799 and COBIT 4.1, with ISO 27002 and PCI DSS available soon.

Using the filter gives you a quick way to hunt through the catalog e.g. 'PS-' gives you all the Personnel Security Family.

List of articles in category 11.02 Control Catalog
Title	Hits
13-05 All Controls	Hits: 30268
13-05 Control mapping (NIST 800-53 vs ISO 17799 / PCI-DSS v2 / COBIT 4.1	Hits: 73610
13-05 Controls catalog SQL export	Hits: 10537
AC-01 Access Control Policies and Procedures	Hits: 47614
AC-02 Account Management	Hits: 31303
AC-03 Access Enforcement	Hits: 34917
AC-04 Information Flow Enforcement	Hits: 36166
AC-05 Separation Of Duties	Hits: 19668
AC-06 Least Privilege	Hits: 19717
AC-07 Unsuccessful Login Attempts	Hits: 18460
AC-08 System Use Notification	Hits: 16122
AC-09 Previous Logon Notification	Hits: 13637
AC-10 Concurrent Session Control	Hits: 15107
AC-11 Session Lock	Hits: 17803
AC-12 Session Termination	Hits: 16516
AC-13 Supervision And Review -- Access Control	Hits: 12035
AC-14 Permitted Actions Without Identification Or Authentication	Hits: 10781
AC-15 Automated Marking	Hits: 9252
AC-16 Automated Labeling	Hits: 8664
AC-17 Remote Access	Hits: 17955
AC-18 Wireless Access Restrictions	Hits: 16719
AC-19 Access Control For Portable And Mobile Devices	Hits: 16349
AC-20 Use Of External Information Systems	Hits: 16204
AT-01 Security Awareness And Training Policy And Procedures	Hits: 18322
AT-02 Security Awareness	Hits: 16478
AT-03 Security Training	Hits: 15942
AT-04 Security Training Records	Hits: 11137
AT-05 Contacts With Security Groups And Associations	Hits: 9068
AU-01 Audit And Accountability Policy And Procedures	Hits: 19691
AU-02 Auditable Events	Hits: 26436
AU-03 Content Of Audit Records	Hits: 16378
AU-04 Audit Storage Capacity	Hits: 13060
AU-05 Response To Audit Processing Failures	Hits: 16074
AU-06 Audit Monitoring, Analysis, And Reporting	Hits: 33553
AU-07 Audit Reduction And Report Generation	Hits: 15967
AU-08 Time Stamps	Hits: 12687
AU-09 Protection Of Audit Information	Hits: 16242
AU-10 Non-Repudiation	Hits: 17136
AU-11 Audit Record Retention	Hits: 14594
CA-01 Certification, Accreditation, And Security Assessment Policies And Procedures	Hits: 16326
CA-02 Security Assessments	Hits: 20443
CA-03 Information System Connections	Hits: 11973
CA-04 Security Certification	Hits: 14789
CA-05 Plan Of Action And Milestones	Hits: 10723
CA-06 Security Accreditation	Hits: 12388
CA-07 Continuous Monitoring	Hits: 18652
CM-01 Configuration Management Policy And Procedures	Hits: 17424
CM-02 Baseline Configuration	Hits: 20451
CM-03 Configuration Change Control	Hits: 18541
CM-04 Monitoring Configuration Changes	Hits: 12383
CM-05 Access Restrictions For Change	Hits: 15581
CM-06 Configuration Settings	Hits: 15369
CM-07 Least Functionality	Hits: 22917
CM-08 Information System Component Inventory	Hits: 16723
CP-01 Contingency Planning Policy And Procedures	Hits: 12420
CP-02 Contingency Plan	Hits: 12676
CP-03 Contingency Training	Hits: 10530
CP-04 Contingency Plan Testing And Exercises	Hits: 18266
CP-05 Contingency Plan Update	Hits: 9668
CP-06 Alternate Storage Site	Hits: 10944
CP-07 Alternate Processing Site	Hits: 13400
CP-08 Telecommunications Services	Hits: 8017
CP-09 Information System Backup	Hits: 16029
CP-10 Information System Recovery And Reconstitution	Hits: 15164
IA-01 Identification And Authentication Policy And Procedures	Hits: 18981
IA-02 User Identification And Authentication	Hits: 26341
IA-03 Device Identification And Authentication	Hits: 22243
IA-04 Identifier Management	Hits: 15836
IA-05 Authenticator Management	Hits: 18642
IA-06 Authenticator Feedback	Hits: 13149
IA-07 Cryptographic Module Authentication	Hits: 18879
IR-01 Incident Response Policy And Procedures	Hits: 14024
IR-02 Incident Response Training	Hits: 12027
IR-03 Incident Response Testing And Exercises	Hits: 14400
IR-04 Incident Handling	Hits: 22471
IR-05 Incident Monitoring	Hits: 12451
IR-06 Incident Reporting	Hits: 12247
IR-07 Incident Response Assistance	Hits: 12549
MA-01 System Maintenance Policy And Procedures	Hits: 12507
MA-02 Controlled Maintenance	Hits: 13643
MA-03 Maintenance Tools	Hits: 11547
MA-04 Remote Maintenance	Hits: 13449
MA-05 Maintenance Personnel	Hits: 9476
MA-06 Timely Maintenance	Hits: 10623
MP-01 Media Protection Policy And Procedures	Hits: 12099
MP-02 Media Access	Hits: 12234
MP-03 Media Labeling	Hits: 8785
MP-04 Media Storage	Hits: 9229
MP-05 Media Transport	Hits: 9476
MP-06 Media Sanitization And Disposal	Hits: 10257
PE-01 Physical And Environmental Protection Policy And Procedures	Hits: 11689
PE-02 Physical Access Authorizations	Hits: 10275
PE-03 Physical Access Control	Hits: 13268
PE-04 Access Control For Transmission Medium	Hits: 10080
PE-05 Access Control For Display Medium	Hits: 9088
PE-06 Monitoring Physical Access	Hits: 11879
PE-07 Visitor Control	Hits: 8139
PE-08 Access Records	Hits: 7094
PE-09 Power Equipment And Power Cabling	Hits: 9623
PE-10 Emergency Shutoff	Hits: 9059
PE-11 Emergency Power	Hits: 8665
PE-12 Emergency Lighting	Hits: 8837
PE-13 Fire Protection	Hits: 9204
PE-14 Temperature And Humidity Controls	Hits: 8762
PE-15 Water Damage Protection	Hits: 8828
PE-16 Delivery And Removal	Hits: 9198
PE-17 Alternate Work Site	Hits: 7273
PE-18 Location Of Information System Components	Hits: 7279
PE-19 Information Leakage	Hits: 8978
PL-01 Security Planning Policy And Procedures	Hits: 16170
PL-02 System Security Plan	Hits: 11272
PL-03 System Security Plan Update	Hits: 6500
PL-04 Rules Of Behavior	Hits: 12615
PL-05 Privacy Impact Assessment	Hits: 8739
PL-06 Security-Related Activity Planning	Hits: 6769
PS-01 Personnel Security Policy And Procedures	Hits: 13392
PS-02 Position Categorization	Hits: 7649
PS-03 Personnel Screening	Hits: 8303
PS-04 Personnel Termination	Hits: 6958
PS-05 Personnel Transfer	Hits: 6537
PS-06 Access Agreements	Hits: 12004
PS-07 Third-Party Personnel Security	Hits: 11632
PS-08 Personnel Sanctions	Hits: 8384
RA-01 Risk Assessment Policy And Procedures	Hits: 12115
RA-02 Security Categorization	Hits: 14796
RA-03 Risk Assessment	Hits: 16885
RA-04 Risk Assessment Update	Hits: 11327
RA-05 Vulnerability Scanning	Hits: 19831
SA-01 System And Services Acquisition Policy And Procedures	Hits: 16888
SA-02 Allocation Of Resources	Hits: 12564
SA-03 Life Cycle Support	Hits: 14903
SA-04 Acquisitions	Hits: 14065
SA-05 Information System Documentation	Hits: 23264
SA-06 Software Usage Restrictions	Hits: 11196
SA-07 User Installed Software	Hits: 10861
SA-08 Security Engineering Principles	Hits: 18334
SA-09 External Information System Services	Hits: 13670
SA-10 Developer Configuration Management	Hits: 12187
SA-11 Developer Security Testing	Hits: 10647
SC-01 System And Communications Protection Policy And Procedures	Hits: 14600
SC-02 Application Partitioning	Hits: 13807
SC-03 Security Function Isolation	Hits: 16678
SC-04 Information Remnance	Hits: 17569
SC-05 Denial Of Service Protection	Hits: 16421
SC-06 Resource Priority	Hits: 11231
SC-07 Boundary Protection	Hits: 28411
SC-08 Transmission Integrity	Hits: 19354
SC-09 Transmission Confidentiality	Hits: 17797
SC-10 Network Disconnect	Hits: 11895
SC-11 Trusted Path	Hits: 14457
SC-12 Cryptographic Key Establishment And Management	Hits: 15545
SC-13 Use Of Cryptography	Hits: 17000
SC-14 Public Access Protections	Hits: 9886
SC-15 Collaborative Computing	Hits: 12735
SC-16 Transmission Of Security Parameters	Hits: 7544
SC-17 Public Key Infrastructure Certificates	Hits: 8655
SC-18 Mobile Code	Hits: 17738
SC-19 Voice Over Internet Protocol	Hits: 7223
SC-20 Secure Name / Address Resolution Service (Authoritative Source)	Hits: 17456
SC-21 Secure Name / Address Resolution Service (Recursive Or Caching Resolver)	Hits: 10004
SC-22 Architecture And Provisioning For Name / Address Resolution Service	Hits: 9558
SC-23 Session Authenticity	Hits: 18231
SI-01 System And Information Integrity Policy And Procedures	Hits: 13253
SI-02 Flaw Remediation	Hits: 24922
SI-03 Malicious Code Protection	Hits: 22311
SI-04 Information System Monitoring Tools And Techniques	Hits: 24777
SI-05 Security Alerts And Advisories	Hits: 13216
SI-06 Security Functionality Verification	Hits: 18578
SI-07 Software And Information Integrity	Hits: 17464
SI-08 Spam Protection	Hits: 8655
SI-09 Information Input Restrictions	Hits: 8732
SI-10 Information Accuracy, Completeness, Validity, And Authenticity	Hits: 17719
SI-11 Error Handling	Hits: 13326
SI-12 Information Output Handling And Retention	Hits: 10583