Control Catalogue

11.02 Control Catalog

We're on control catalog release 11.02 at the moment, and things have stabilised for this release. The whole control catalog is now in place, but we have ideas to enhance and refine the control format during 2012 to align to the latest release of 800-53. Of course we'd welcome any comments or ideas you may have.

Controls are based on NIST 800-53, and there is a mapping to ISO17799 and COBIT 4.1, with ISO 27002 and PCI DSS available soon.

Using the filter gives you a quick way to hunt through the catalog e.g. 'PS-' gives you all the Personnel Security Family.

List of articles in category 11.02 Control Catalog
Title	Hits
13-05 All Controls	Hits: 32004
13-05 Control mapping (NIST 800-53 vs ISO 17799 / PCI-DSS v2 / COBIT 4.1	Hits: 76456
13-05 Controls catalog SQL export	Hits: 11463
AC-01 Access Control Policies and Procedures	Hits: 50443
AC-02 Account Management	Hits: 34733
AC-03 Access Enforcement	Hits: 37883
AC-04 Information Flow Enforcement	Hits: 39906
AC-05 Separation Of Duties	Hits: 21395
AC-06 Least Privilege	Hits: 21300
AC-07 Unsuccessful Login Attempts	Hits: 19869
AC-08 System Use Notification	Hits: 18116
AC-09 Previous Logon Notification	Hits: 14592
AC-10 Concurrent Session Control	Hits: 16213
AC-11 Session Lock	Hits: 18860
AC-12 Session Termination	Hits: 18047
AC-13 Supervision And Review -- Access Control	Hits: 13258
AC-14 Permitted Actions Without Identification Or Authentication	Hits: 11468
AC-15 Automated Marking	Hits: 10317
AC-16 Automated Labeling	Hits: 9454
AC-17 Remote Access	Hits: 19494
AC-18 Wireless Access Restrictions	Hits: 17983
AC-19 Access Control For Portable And Mobile Devices	Hits: 17788
AC-20 Use Of External Information Systems	Hits: 17246
AT-01 Security Awareness And Training Policy And Procedures	Hits: 19827
AT-02 Security Awareness	Hits: 17906
AT-03 Security Training	Hits: 17407
AT-04 Security Training Records	Hits: 12062
AT-05 Contacts With Security Groups And Associations	Hits: 9794
AU-01 Audit And Accountability Policy And Procedures	Hits: 20704
AU-02 Auditable Events	Hits: 28449
AU-03 Content Of Audit Records	Hits: 17745
AU-04 Audit Storage Capacity	Hits: 14137
AU-05 Response To Audit Processing Failures	Hits: 17424
AU-06 Audit Monitoring, Analysis, And Reporting	Hits: 37519
AU-07 Audit Reduction And Report Generation	Hits: 17053
AU-08 Time Stamps	Hits: 14024
AU-09 Protection Of Audit Information	Hits: 18213
AU-10 Non-Repudiation	Hits: 18119
AU-11 Audit Record Retention	Hits: 15776
CA-01 Certification, Accreditation, And Security Assessment Policies And Procedures	Hits: 18203
CA-02 Security Assessments	Hits: 21858
CA-03 Information System Connections	Hits: 12860
CA-04 Security Certification	Hits: 16345
CA-05 Plan Of Action And Milestones	Hits: 12102
CA-06 Security Accreditation	Hits: 13674
CA-07 Continuous Monitoring	Hits: 20239
CM-01 Configuration Management Policy And Procedures	Hits: 18825
CM-02 Baseline Configuration	Hits: 21912
CM-03 Configuration Change Control	Hits: 20724
CM-04 Monitoring Configuration Changes	Hits: 14034
CM-05 Access Restrictions For Change	Hits: 17028
CM-06 Configuration Settings	Hits: 19536
CM-07 Least Functionality	Hits: 24356
CM-08 Information System Component Inventory	Hits: 18175
CP-01 Contingency Planning Policy And Procedures	Hits: 13370
CP-02 Contingency Plan	Hits: 13964
CP-03 Contingency Training	Hits: 11440
CP-04 Contingency Plan Testing And Exercises	Hits: 19406
CP-05 Contingency Plan Update	Hits: 10461
CP-06 Alternate Storage Site	Hits: 12082
CP-07 Alternate Processing Site	Hits: 14365
CP-08 Telecommunications Services	Hits: 8730
CP-09 Information System Backup	Hits: 17452
CP-10 Information System Recovery And Reconstitution	Hits: 16366
IA-01 Identification And Authentication Policy And Procedures	Hits: 20620
IA-02 User Identification And Authentication	Hits: 28525
IA-03 Device Identification And Authentication	Hits: 24376
IA-04 Identifier Management	Hits: 17805
IA-05 Authenticator Management	Hits: 19838
IA-06 Authenticator Feedback	Hits: 14479
IA-07 Cryptographic Module Authentication	Hits: 20499
IR-01 Incident Response Policy And Procedures	Hits: 15051
IR-02 Incident Response Training	Hits: 13290
IR-03 Incident Response Testing And Exercises	Hits: 15412
IR-04 Incident Handling	Hits: 24858
IR-05 Incident Monitoring	Hits: 13487
IR-06 Incident Reporting	Hits: 13306
IR-07 Incident Response Assistance	Hits: 13851
MA-01 System Maintenance Policy And Procedures	Hits: 13369
MA-02 Controlled Maintenance	Hits: 14656
MA-03 Maintenance Tools	Hits: 12470
MA-04 Remote Maintenance	Hits: 14700
MA-05 Maintenance Personnel	Hits: 10350
MA-06 Timely Maintenance	Hits: 11401
MP-01 Media Protection Policy And Procedures	Hits: 13019
MP-02 Media Access	Hits: 13498
MP-03 Media Labeling	Hits: 9608
MP-04 Media Storage	Hits: 10085
MP-05 Media Transport	Hits: 10220
MP-06 Media Sanitization And Disposal	Hits: 11307
PE-01 Physical And Environmental Protection Policy And Procedures	Hits: 12517
PE-02 Physical Access Authorizations	Hits: 11121
PE-03 Physical Access Control	Hits: 14817
PE-04 Access Control For Transmission Medium	Hits: 10804
PE-05 Access Control For Display Medium	Hits: 9953
PE-06 Monitoring Physical Access	Hits: 12916
PE-07 Visitor Control	Hits: 8820
PE-08 Access Records	Hits: 7610
PE-09 Power Equipment And Power Cabling	Hits: 10404
PE-10 Emergency Shutoff	Hits: 10132
PE-11 Emergency Power	Hits: 9561
PE-12 Emergency Lighting	Hits: 9617
PE-13 Fire Protection	Hits: 10079
PE-14 Temperature And Humidity Controls	Hits: 9448
PE-15 Water Damage Protection	Hits: 9861
PE-16 Delivery And Removal	Hits: 9939
PE-17 Alternate Work Site	Hits: 7773
PE-18 Location Of Information System Components	Hits: 7801
PE-19 Information Leakage	Hits: 9726
PL-01 Security Planning Policy And Procedures	Hits: 17187
PL-02 System Security Plan	Hits: 12589
PL-03 System Security Plan Update	Hits: 7108
PL-04 Rules Of Behavior	Hits: 13961
PL-05 Privacy Impact Assessment	Hits: 9421
PL-06 Security-Related Activity Planning	Hits: 7378
PS-01 Personnel Security Policy And Procedures	Hits: 14197
PS-02 Position Categorization	Hits: 8158
PS-03 Personnel Screening	Hits: 9050
PS-04 Personnel Termination	Hits: 7538
PS-05 Personnel Transfer	Hits: 7086
PS-06 Access Agreements	Hits: 13134
PS-07 Third-Party Personnel Security	Hits: 12415
PS-08 Personnel Sanctions	Hits: 8953
RA-01 Risk Assessment Policy And Procedures	Hits: 13035
RA-02 Security Categorization	Hits: 15993
RA-03 Risk Assessment	Hits: 18328
RA-04 Risk Assessment Update	Hits: 12483
RA-05 Vulnerability Scanning	Hits: 21976
SA-01 System And Services Acquisition Policy And Procedures	Hits: 17741
SA-02 Allocation Of Resources	Hits: 14059
SA-03 Life Cycle Support	Hits: 16228
SA-04 Acquisitions	Hits: 15192
SA-05 Information System Documentation	Hits: 25854
SA-06 Software Usage Restrictions	Hits: 12248
SA-07 User Installed Software	Hits: 11896
SA-08 Security Engineering Principles	Hits: 19517
SA-09 External Information System Services	Hits: 14580
SA-10 Developer Configuration Management	Hits: 13366
SA-11 Developer Security Testing	Hits: 11502
SC-01 System And Communications Protection Policy And Procedures	Hits: 15569
SC-02 Application Partitioning	Hits: 14995
SC-03 Security Function Isolation	Hits: 18176
SC-04 Information Remnance	Hits: 18997
SC-05 Denial Of Service Protection	Hits: 18102
SC-06 Resource Priority	Hits: 12384
SC-07 Boundary Protection	Hits: 30578
SC-08 Transmission Integrity	Hits: 20867
SC-09 Transmission Confidentiality	Hits: 19554
SC-10 Network Disconnect	Hits: 13007
SC-11 Trusted Path	Hits: 15713
SC-12 Cryptographic Key Establishment And Management	Hits: 17079
SC-13 Use Of Cryptography	Hits: 19002
SC-14 Public Access Protections	Hits: 10744
SC-15 Collaborative Computing	Hits: 13492
SC-16 Transmission Of Security Parameters	Hits: 8211
SC-17 Public Key Infrastructure Certificates	Hits: 9274
SC-18 Mobile Code	Hits: 19456
SC-19 Voice Over Internet Protocol	Hits: 7760
SC-20 Secure Name / Address Resolution Service (Authoritative Source)	Hits: 18917
SC-21 Secure Name / Address Resolution Service (Recursive Or Caching Resolver)	Hits: 10564
SC-22 Architecture And Provisioning For Name / Address Resolution Service	Hits: 10390
SC-23 Session Authenticity	Hits: 19868
SI-01 System And Information Integrity Policy And Procedures	Hits: 14106
SI-02 Flaw Remediation	Hits: 27192
SI-03 Malicious Code Protection	Hits: 23727
SI-04 Information System Monitoring Tools And Techniques	Hits: 26480
SI-05 Security Alerts And Advisories	Hits: 14651
SI-06 Security Functionality Verification	Hits: 20333
SI-07 Software And Information Integrity	Hits: 18819
SI-08 Spam Protection	Hits: 9415
SI-09 Information Input Restrictions	Hits: 9608
SI-10 Information Accuracy, Completeness, Validity, And Authenticity	Hits: 18770
SI-11 Error Handling	Hits: 14632
SI-12 Information Output Handling And Retention	Hits: 11228