Control Catalogue

11.02 Control Catalog

We're on control catalog release 11.02 at the moment, and things have stabilised for this release. The whole control catalog is now in place, but we have ideas to enhance and refine the control format during 2012 to align to the latest release of 800-53. Of course we'd welcome any comments or ideas you may have.

Controls are based on NIST 800-53, and there is a mapping to ISO17799 and COBIT 4.1, with ISO 27002 and PCI DSS available soon.

Using the filter gives you a quick way to hunt through the catalog e.g. 'PS-' gives you all the Personnel Security Family.

List of articles in category 11.02 Control Catalog
Title	Hits
13-05 All Controls	Hits: 32288
13-05 Control mapping (NIST 800-53 vs ISO 17799 / PCI-DSS v2 / COBIT 4.1	Hits: 76998
13-05 Controls catalog SQL export	Hits: 11639
AC-01 Access Control Policies and Procedures	Hits: 50985
AC-02 Account Management	Hits: 35339
AC-03 Access Enforcement	Hits: 38493
AC-04 Information Flow Enforcement	Hits: 40807
AC-05 Separation Of Duties	Hits: 21779
AC-06 Least Privilege	Hits: 21688
AC-07 Unsuccessful Login Attempts	Hits: 20170
AC-08 System Use Notification	Hits: 18589
AC-09 Previous Logon Notification	Hits: 14793
AC-10 Concurrent Session Control	Hits: 16447
AC-11 Session Lock	Hits: 19162
AC-12 Session Termination	Hits: 18363
AC-13 Supervision And Review -- Access Control	Hits: 13510
AC-14 Permitted Actions Without Identification Or Authentication	Hits: 11632
AC-15 Automated Marking	Hits: 10493
AC-16 Automated Labeling	Hits: 9673
AC-17 Remote Access	Hits: 19862
AC-18 Wireless Access Restrictions	Hits: 18302
AC-19 Access Control For Portable And Mobile Devices	Hits: 18111
AC-20 Use Of External Information Systems	Hits: 17549
AT-01 Security Awareness And Training Policy And Procedures	Hits: 20188
AT-02 Security Awareness	Hits: 18222
AT-03 Security Training	Hits: 17708
AT-04 Security Training Records	Hits: 12285
AT-05 Contacts With Security Groups And Associations	Hits: 9955
AU-01 Audit And Accountability Policy And Procedures	Hits: 20982
AU-02 Auditable Events	Hits: 28916
AU-03 Content Of Audit Records	Hits: 18077
AU-04 Audit Storage Capacity	Hits: 14405
AU-05 Response To Audit Processing Failures	Hits: 17746
AU-06 Audit Monitoring, Analysis, And Reporting	Hits: 38412
AU-07 Audit Reduction And Report Generation	Hits: 17273
AU-08 Time Stamps	Hits: 14288
AU-09 Protection Of Audit Information	Hits: 18619
AU-10 Non-Repudiation	Hits: 18405
AU-11 Audit Record Retention	Hits: 16080
CA-01 Certification, Accreditation, And Security Assessment Policies And Procedures	Hits: 18523
CA-02 Security Assessments	Hits: 22224
CA-03 Information System Connections	Hits: 13067
CA-04 Security Certification	Hits: 16645
CA-05 Plan Of Action And Milestones	Hits: 12407
CA-06 Security Accreditation	Hits: 13931
CA-07 Continuous Monitoring	Hits: 20634
CM-01 Configuration Management Policy And Procedures	Hits: 19142
CM-02 Baseline Configuration	Hits: 22239
CM-03 Configuration Change Control	Hits: 21077
CM-04 Monitoring Configuration Changes	Hits: 14363
CM-05 Access Restrictions For Change	Hits: 17320
CM-06 Configuration Settings	Hits: 20423
CM-07 Least Functionality	Hits: 24662
CM-08 Information System Component Inventory	Hits: 18499
CP-01 Contingency Planning Policy And Procedures	Hits: 13601
CP-02 Contingency Plan	Hits: 14238
CP-03 Contingency Training	Hits: 11663
CP-04 Contingency Plan Testing And Exercises	Hits: 19704
CP-05 Contingency Plan Update	Hits: 10640
CP-06 Alternate Storage Site	Hits: 12319
CP-07 Alternate Processing Site	Hits: 14605
CP-08 Telecommunications Services	Hits: 8908
CP-09 Information System Backup	Hits: 17754
CP-10 Information System Recovery And Reconstitution	Hits: 16648
IA-01 Identification And Authentication Policy And Procedures	Hits: 20978
IA-02 User Identification And Authentication	Hits: 28970
IA-03 Device Identification And Authentication	Hits: 24871
IA-04 Identifier Management	Hits: 18203
IA-05 Authenticator Management	Hits: 20083
IA-06 Authenticator Feedback	Hits: 14738
IA-07 Cryptographic Module Authentication	Hits: 20793
IR-01 Incident Response Policy And Procedures	Hits: 15309
IR-02 Incident Response Training	Hits: 13570
IR-03 Incident Response Testing And Exercises	Hits: 15672
IR-04 Incident Handling	Hits: 25375
IR-05 Incident Monitoring	Hits: 13711
IR-06 Incident Reporting	Hits: 13538
IR-07 Incident Response Assistance	Hits: 14110
MA-01 System Maintenance Policy And Procedures	Hits: 13545
MA-02 Controlled Maintenance	Hits: 14919
MA-03 Maintenance Tools	Hits: 12696
MA-04 Remote Maintenance	Hits: 14961
MA-05 Maintenance Personnel	Hits: 10542
MA-06 Timely Maintenance	Hits: 11574
MP-01 Media Protection Policy And Procedures	Hits: 13237
MP-02 Media Access	Hits: 13773
MP-03 Media Labeling	Hits: 9798
MP-04 Media Storage	Hits: 10314
MP-05 Media Transport	Hits: 10421
MP-06 Media Sanitization And Disposal	Hits: 11513
PE-01 Physical And Environmental Protection Policy And Procedures	Hits: 12737
PE-02 Physical Access Authorizations	Hits: 11321
PE-03 Physical Access Control	Hits: 15126
PE-04 Access Control For Transmission Medium	Hits: 10987
PE-05 Access Control For Display Medium	Hits: 10111
PE-06 Monitoring Physical Access	Hits: 13139
PE-07 Visitor Control	Hits: 9003
PE-08 Access Records	Hits: 7756
PE-09 Power Equipment And Power Cabling	Hits: 10566
PE-10 Emergency Shutoff	Hits: 10340
PE-11 Emergency Power	Hits: 9771
PE-12 Emergency Lighting	Hits: 9791
PE-13 Fire Protection	Hits: 10280
PE-14 Temperature And Humidity Controls	Hits: 9617
PE-15 Water Damage Protection	Hits: 10079
PE-16 Delivery And Removal	Hits: 10165
PE-17 Alternate Work Site	Hits: 7904
PE-18 Location Of Information System Components	Hits: 7952
PE-19 Information Leakage	Hits: 9880
PL-01 Security Planning Policy And Procedures	Hits: 17422
PL-02 System Security Plan	Hits: 12839
PL-03 System Security Plan Update	Hits: 7250
PL-04 Rules Of Behavior	Hits: 14220
PL-05 Privacy Impact Assessment	Hits: 9597
PL-06 Security-Related Activity Planning	Hits: 7512
PS-01 Personnel Security Policy And Procedures	Hits: 14408
PS-02 Position Categorization	Hits: 8287
PS-03 Personnel Screening	Hits: 9194
PS-04 Personnel Termination	Hits: 7710
PS-05 Personnel Transfer	Hits: 7231
PS-06 Access Agreements	Hits: 13379
PS-07 Third-Party Personnel Security	Hits: 12612
PS-08 Personnel Sanctions	Hits: 9101
RA-01 Risk Assessment Policy And Procedures	Hits: 13240
RA-02 Security Categorization	Hits: 16264
RA-03 Risk Assessment	Hits: 18635
RA-04 Risk Assessment Update	Hits: 12721
RA-05 Vulnerability Scanning	Hits: 22407
SA-01 System And Services Acquisition Policy And Procedures	Hits: 17984
SA-02 Allocation Of Resources	Hits: 14333
SA-03 Life Cycle Support	Hits: 16490
SA-04 Acquisitions	Hits: 15495
SA-05 Information System Documentation	Hits: 26406
SA-06 Software Usage Restrictions	Hits: 12480
SA-07 User Installed Software	Hits: 12151
SA-08 Security Engineering Principles	Hits: 19836
SA-09 External Information System Services	Hits: 14803
SA-10 Developer Configuration Management	Hits: 13629
SA-11 Developer Security Testing	Hits: 11704
SC-01 System And Communications Protection Policy And Procedures	Hits: 15787
SC-02 Application Partitioning	Hits: 15271
SC-03 Security Function Isolation	Hits: 18515
SC-04 Information Remnance	Hits: 19249
SC-05 Denial Of Service Protection	Hits: 18455
SC-06 Resource Priority	Hits: 12600
SC-07 Boundary Protection	Hits: 31173
SC-08 Transmission Integrity	Hits: 21171
SC-09 Transmission Confidentiality	Hits: 19847
SC-10 Network Disconnect	Hits: 13257
SC-11 Trusted Path	Hits: 15995
SC-12 Cryptographic Key Establishment And Management	Hits: 17424
SC-13 Use Of Cryptography	Hits: 19407
SC-14 Public Access Protections	Hits: 10924
SC-15 Collaborative Computing	Hits: 13695
SC-16 Transmission Of Security Parameters	Hits: 8340
SC-17 Public Key Infrastructure Certificates	Hits: 9473
SC-18 Mobile Code	Hits: 19797
SC-19 Voice Over Internet Protocol	Hits: 7900
SC-20 Secure Name / Address Resolution Service (Authoritative Source)	Hits: 19390
SC-21 Secure Name / Address Resolution Service (Recursive Or Caching Resolver)	Hits: 10787
SC-22 Architecture And Provisioning For Name / Address Resolution Service	Hits: 10607
SC-23 Session Authenticity	Hits: 20178
SI-01 System And Information Integrity Policy And Procedures	Hits: 14287
SI-02 Flaw Remediation	Hits: 27777
SI-03 Malicious Code Protection	Hits: 24100
SI-04 Information System Monitoring Tools And Techniques	Hits: 26924
SI-05 Security Alerts And Advisories	Hits: 14917
SI-06 Security Functionality Verification	Hits: 20640
SI-07 Software And Information Integrity	Hits: 19072
SI-08 Spam Protection	Hits: 9625
SI-09 Information Input Restrictions	Hits: 9778
SI-10 Information Accuracy, Completeness, Validity, And Authenticity	Hits: 19041
SI-11 Error Handling	Hits: 14897
SI-12 Information Output Handling And Retention	Hits: 11415